Internet attack called broad and long lasting

Alexei Roudnev alex at relcom.net
Thu May 12 16:49:51 UTC 2005




> > I agree. But I saw how hackers intruded into XXX agency (USA's, I mean) 6
> > years ago. Cisco sources never were a great secret
>
> Then you shouldn't be talking about it.

I mean - such things were common even 6 years ago. There was (always) some
level of rooted servers, some level of teen hackers, some level of
compromised passwords. Absolutely nothing new. If you (like Cisco) have
wide cooperation, are big, and decided (reasonably) not to sacrifice
productivity because of paranoid security - you have some risk of being
intruded. It just means _use simple, sometimes primitive, but effective
measures for additional protection_. Host-based IDSes on ALL (ALL) servers,
one-time passwords for everything, non-standard ports - at least one of
such a list (there are many more on the list).

> Okay, so if it is a Good Thing for competitors and a Bad Thing for Cisco
> which is a commercial company with a vested interest in not giving away
> their secrets to competitors, how is this not a major loss? _EVEN_ if
> only in reputation?
No, exclude reputation from my list - I did not estimate it. 100% agree
about reputation. But Cisco's reputation is not a major thing
for anyone outside of Cisco.

I underplay it because it is overplayed by the media. If (IF!) Cisco code
had no backdoors from developers (and I believe it had not), then this
particular event is major for Cisco, but minor for the rest of the world
(even for competitors). You cannot do much with this code, except if you
are Cisco or are counterfeiting Cisco's as a clone - it (as any such code)
requires the whole infrastructure around it to be used. (It's like an egg
cell - we need a whole woman around it to get use of it.)

> > It is amazing. Cisco made a lot of noise about IDS, IPS, etc etc.... while
> > no one in reality needs these super expensive and
> > complex tools (except a few dozen companies under DDoS risk); but
>
> IDS.. IPS.. etc.. etc... DDoS risk?
>
> I can agree with many on the complete uselessness of IDS for most
> companies (I can't live without it!).. IPS systems are a different matter.
>
> > missed such a simple thing as an ssh exploit in their own nest. (It is not
> > harmless - we found an ssh trojan at my previous job, just exactly the same
>
> Let me Google you and find where you worked. :o)
Ok, but we do a few simpler measures (sometimes at 0 cost) which dramatically
decrease the chance of intrusions, and other measures to prevent any chance of
intrusion into important areas. And we do not forget to patch 'ssh' and
'ssl' (after all -:)).

IDS and IPS are good if you have them on _EVERYTHING_ (which means, btw, that
they cannot be very expensive, because you will never be able to use an
expensive tool on _everything_) and, most important, the main IDS and IPS have
the brand names _clueful admin and clueful manager_.

But we have gotten off track.

My point for this forum was _do not overestimate the real harm from this Cisco
sources leak_. It is almost harmless (except for reputation) vs consumer data
leaks, consumer password leaks, consumer OS exploits, medical data leaks
and so on.
If someone gets control of ISP xxx routers - trust me, it will happen because
he found admin passwords and because
a clueless admin allowed in-band access from the Internet, or because a NOC
server was compromised - but not because someone had Cisco sources.

>
> >>Borrowing from that, if the attack is successful, and the loss is
> >>significant, I think the way there - although cute, is irrelevant except
> >
> > I mean _MINOR_ because the loss was minor, in reality. Not because it was an
> > ssh exploit.
>
> Okay, I still don't follow you. I don't mean to be annoying but I really
> don't. Let's not move too much into the realm of security and stay in
> net ops.
>
> How is this not a loss and not a risk? If we can't reach an agreement I
> suggest we take this off-list.

Because it is useless for hackers, except if Cisco has backdoors and
embedded trojans. And (most important) because it distracts NOCs and
security guys from securing NOCs, access paths to the routers, using
changeable passwords and so on.

Simple question - do you control all changes on your routers and firewalls?
I mean - something like a CCR system (which sends
daily change reports) or CiscoWorks (as far as I know, does the same)? How often do
you change enable passwords? Is it enough for an intruder to set up a sniffer in
the NOC, steal a password, then log in and change the config (and be unnoticed)?






>
> Gadi.
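The daily change report the post asks about in its last paragraph, as an added example for this thread and not code from the post, from the CCR system or from CiscoWorks it names: a Python script that diffs two saved IOS-style config snapshots (the snapshots, hostname, addresses and credentials below are constructed for the example), drops the lines that differ on every fetch, and flags changes to authentication, remote access and logging so that a sniffed-password login that quietly opens telnet on the vty lines is visible the next morning.

```python
"""Daily change report for router/firewall configs.

Added example for this thread; not code from the post, nor the CCR
system or CiscoWorks it mentions. Two saved IOS-style config snapshots
(constructed inline) are compared; lines that differ on every fetch are
ignored, and changes touching authentication, remote access or logging
are flagged for a human to look at.
"""
import difflib
import re

# Lines that change between fetches without anyone touching the box.
VOLATILE = (
    re.compile(r"^! Last configuration change"),
    re.compile(r"^ntp clock-period"),
)

# Added or removed lines matching these get flagged; first match wins.
SENSITIVE = (
    ("authentication",
     re.compile(r"^(enable (secret|password)|username |aaa |tacacs-server|radius-server)")),
    ("remote access",
     re.compile(r"^(line vty|access-list|ip access-list|transport input|access-class|snmp-server community)")),
    ("logging",
     re.compile(r"^(no )?(logging |archive|snmp-server host)")),
)

# Constructed sample snapshots: "yesterday" and "today" for one router.
OLD_CONFIG = """\
! Last configuration change at 03:12:44 UTC Wed May 11 2005
hostname core-rtr-1
enable secret 5 $1$abcd$xxxxxxxxxxxxxxxxxxxxxx
username noc privilege 15 secret 5 $1$efgh$yyyyyyyyyyyyyyyyyyyyyy
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny any log
snmp-server community s3cr3t-ro RO 10
logging host 192.0.2.50
line vty 0 4
 access-class 10 in
 transport input ssh
ntp clock-period 17179989
end
"""

NEW_CONFIG = """\
! Last configuration change at 02:58:10 UTC Thu May 12 2005
hostname core-rtr-1
enable secret 5 $1$abcd$xxxxxxxxxxxxxxxxxxxxxx
username noc privilege 15 secret 5 $1$efgh$yyyyyyyyyyyyyyyyyyyyyy
username svc privilege 15 password 0 letmein
interface Loopback0
 description management loopback
 ip address 192.0.2.1 255.255.255.255
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny any log
snmp-server community s3cr3t-ro RO 10
line vty 0 4
 transport input telnet ssh
ntp clock-period 17179992
end
"""


def normalize(config):
    """Split a snapshot into lines, dropping blanks and volatile lines."""
    kept = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if line and not any(p.match(line) for p in VOLATILE):
            kept.append(line)
    return kept


def config_diff(old, new):
    """Return only the added (+) and removed (-) lines between two snapshots."""
    diff = difflib.unified_diff(normalize(old), normalize(new), lineterm="", n=0)
    return [d for d in diff
            if d.startswith(("+", "-")) and not d.startswith(("+++", "---"))]


def classify(diff_lines):
    """Pair each changed line with the first sensitive category it matches."""
    flagged = []
    for d in diff_lines:
        text = d[1:].strip()  # drop the +/- marker and the indentation
        for category, pattern in SENSITIVE:
            if pattern.match(text):
                flagged.append((category, d))
                break
    return flagged


def change_report(old, new):
    """Summarize what changed and which of those changes need eyes today."""
    diff = config_diff(old, new)
    flagged = classify(diff)
    seen = {d for _, d in flagged}
    return {"changed": len(diff), "flagged": flagged,
            "unflagged": [d for d in diff if d not in seen]}


if __name__ == "__main__":
    report = change_report(OLD_CONFIG, NEW_CONFIG)
    print(f"{report['changed']} line(s) changed on core-rtr-1")
    for category, line in report["flagged"]:
        print(f"  [{category:14}] {line}")
    for line in report["unflagged"]:
        print(f"  [{'other':14}] {line}")
```

Run it nightly against the configs pulled from every router and firewall (rancid or a plain scp of the running config will do); on the sample above it reports six changed lines, flags the new cleartext-password user, the removed access-class, the telnet transport and the removed syslog host, and leaves only the interface description unflagged.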




More information about the NANOG mailing list