[65175] in North American Network Operators' Group
Re: Cost of Worm Attack Protection
daemon@ATHENA.MIT.EDU (Jamie Reid)
Thu Nov 13 17:32:31 2003
Date: Thu, 13 Nov 2003 17:28:34 -0500
From: "Jamie Reid" <Jamie.Reid@mbs.gov.on.ca>
To: sgorman1@gmu.edu, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
While I can't give you a fixed cost, I can confidently say that the value or cost/benefit over time resembled a bathtub curve. It starts high, drops sharply close to zero, then climbs slowly over time as the infection rate dissipates while a fixed mitigation strategy is applied, with diminishing results.

For blaster/nachi, we are starting to encounter side effects of the filters put in place, which is slowly incurring support costs as exceptions are made.
--
Jamie.Reid, CISSP, jamie.reid@mbs.gov.on.ca
Senior Security Specialist, Information Protection Centre
Corporate Security, MBS
416 327 2324
>>> <sgorman1@gmu.edu> 11/13/03 09:35am >>>
I was hoping to get some estimates from folks on the costs of defending networks from various worm attacks. It is a pretty wide open question, but if anyone has some rough estimates of what it costs per edge, manpower vs. equipment costs, or any combination thereof it would be of great assistance. We are doing some simulations of attack and defense strategies and looking for some good metrics to plug into a cost benefit model. We'd be happy to share the results if anyone is interested as well.
Thanks in advance,
sean