[Dailydave] Going against the Gradient
J.M. Seitz
jms at bughunter.ca
Tue Jan 22 17:24:12 EST 2008
> Dave my man. I agree that security is an arms race for signature based
> products. Though should we throw out the baby with the dirty water? Is
> no firewall, VLANs, route filtering, IDS, AV, central
> management/logging, etc better than a lame one?
Yeah, in some cases it is better to not have something than to have a
lame one. When I say lame I am factoring in the host of client-sides
which are rarely (if ever) detected, the constant stream of AV 0-day,
and other badness. Let's be honest, the nRuns guys were right: "defense
in depth is dead and we killed it."
> Hey, and since you brought up Vista you've got to admit that they're
> making exploitation more challenging ... though the reverse effect of
> that is that all 0days are now underground and not getting published
> since they're worth way too much. So while Vista may be more secure in
> terms of number of 0days out there ... the severity of secret ones
> (which as you mention bypass AV/IDS/etc) has risen. And it's not like
> we can all just stop using browsers and email clients.... :) Security's
> not such a lost cause - it's just as challenging as ever!
I agree, I don't think that security is a lost cause. I think that in
order to really make a difference as info-sec professionals, we have to
_really_ step into the shoes of a real attacker with a real business
model. The only way we can continually advance our protection mechanisms
is to increase the complexity and virulence of our simulated attacks.
Whoever hires the best attackers will ultimately stay ahead in the arms
race.
JS