[163570] in North American Network Operators' Group
Re: chargen is the new DDoS tool?
daemon@ATHENA.MIT.EDU (Ricky Beam)
Wed Jun 12 00:03:05 2013
To: Valdis.Kletnieks@vt.edu
Date: Wed, 12 Jun 2013 00:02:40 -0400
From: "Ricky Beam" <jfbeam@gmail.com>
In-Reply-To: <78392.1371005712@turing-police.cc.vt.edu>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, 11 Jun 2013 22:55:12 -0400, <Valdis.Kletnieks@vt.edu> wrote:
> Do you have any actual evidence that a .edu of (say) 2K employees
> is statistically *measurably* less secure than a .com of 2K employees?
We're sorta lookin' at one now. :-)
But seriously, how do you measure one's security? The scope is constantly
changing. While there are companies one can pay to do this, those reports
are *very* rarely published. And I've not heard of a single edu
performing such an audit. The only statistics we have to run with are of
*known* breaches. And that's a very bad metric as a company with no
security at all that's had no (reported) intrusions appears to have very
good security, while a company with extensive security looks very bad
after a few breaches. One has no one sniffing around at all, while the
other has teams going at it with pick-axes. One likely has no one in charge
of security, while the other has an entire security department.