chargen is the new DDoS tool?

Jimmy Hess mysidia at gmail.com
Wed Jun 12 10:21:51 UTC 2013


On 6/12/13, Joel M Snyder <Joel.Snyder at opus1.com> wrote:
> > But seriously, how do you measure one's security?
> In ounces, unless it's a European university, in which case you use
> liters.  Older systems of measuring security involving mass (pounds and
> kilos) have been deprecated, and you should not be using them anymore in

You need to count the number of employees/users, information assets,
applications, systems, IP addresses on your network, and network
ports on your switch, processes running on all your machines, files
stored on your servers; and place them into disjoint,
non-overlapping categories.

Then decide a 'weight' for each object, its 'impact'; for example, the
cost of formatting and reinstalling a server, buying new hardware if
a device has been bricked; or the cost of re-creating work from
scratch, or settling the lawsuit if your environment's security
failure allows this particular file's content to be disclosed, lost,
corrupted, or made temporarily unavailable due to a DoS.

The weight should be the greatest possible cost of breach, or
misbehavior of that object, be that an application, OS, user,
switchport, or MAC address; but Users, Applications, Servers,
Workstations, Network Devices, and "Documents directories" are some
useful categories to use.

Then assign a probability to each object, based on the expectation of
a breach, given the series of expected attacks over a period of time.


Then for each category, take a ratio of the sums of all objects for
that category:

Sum of ( (1 minus Probability that an attack succeeds) X Weight )
divided by (Sum of the Weights)


Example: I have 5 Windows XP servers on my network, which
cost me $100 to recover and replace from attack, for the period of
time of 1 year, no firewall, RDP open to the world; so there is a
90% chance estimated that an attacker will eventually find the
vulnerability on average over the series of attacks I expect to find
in one year, except on one system I patched, so there is a 40%
chance.


(0.6 * $100 + 0.1 * $100 + 0.1 * $100 + .... ) divided by $500

Then when faced with the complete series of attacks, I expect to lose
$400 out of $500; so my OS category is 10% secure for the year,
in that case.


Your percentage security is the _lowest_, _least desirable_, or
_worst_ metric over all the distinct categories you cared about.


> jms
--
-JH
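The per-category metric and the "worst category wins" rule from the post above, worked through in an added Python example (not code from the post or from NANOG). It uses the five XP servers as described ($100 each, four at 90% and one patched at 40%) plus a constructed "Documents" category with assumed figures; note that evaluated literally, the formula yields 20% for the OS category with those server numbers.

```python
"""Security metric from the post: per category,
sum((1 - p_breach) * weight) / sum(weight); overall figure is the minimum.
Sample assets are constructed for illustration only."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    category: str
    weight: float     # greatest possible cost of breach, in dollars
    p_breach: float   # estimated probability an attack succeeds in the period

    def __post_init__(self) -> None:
        if not 0.0 <= self.p_breach <= 1.0:
            raise ValueError(f"{self.name}: p_breach must be in [0, 1]")
        if self.weight < 0:
            raise ValueError(f"{self.name}: weight must be non-negative")


def category_security(assets: list[Asset]) -> dict[str, float]:
    """Share of each category's total weight expected to survive the period."""
    retained: dict[str, float] = {}
    total: dict[str, float] = {}
    for a in assets:
        retained[a.category] = retained.get(a.category, 0.0) + (1 - a.p_breach) * a.weight
        total[a.category] = total.get(a.category, 0.0) + a.weight
    # An empty (zero-weight) category has nothing to lose, so it scores 1.0.
    return {cat: (retained[cat] / total[cat] if total[cat] else 1.0) for cat in total}


def overall_security(assets: list[Asset]) -> float:
    """The lowest category score is the overall figure."""
    return min(category_security(assets).values())


# Constructed sample: the post's XP servers plus an assumed Documents category.
SAMPLE = (
    [Asset(f"xp-{i}", "OS", 100.0, 0.9) for i in range(1, 5)]
    + [Asset("xp-5-patched", "OS", 100.0, 0.4)]
    + [Asset("payroll-share", "Documents", 5000.0, 0.05),
       Asset("team-wiki", "Documents", 500.0, 0.2)]
)

if __name__ == "__main__":
    for cat, score in category_security(SAMPLE).items():
        print(f"{cat:10s} {score:.0%} secure")
    print(f"{'overall':10s} {overall_security(SAMPLE):.0%} secure")
```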



