Friday, January 18, 2008

I know this is a pile of crap

This is a big pile of bullcrap that will do nothing for our security. If you aren't in computer security, it might sound like a good idea.

The reason this will do nothing is that finding attacks is only the first step. Next is winnowing out false positives. 90% of alerts are really nothing. You have to know your environment to filter them out. When examining the traffic of a whole country, it is impossible to know your environment. I can do it with 300 or so computers only because 200+ of them have a standard image and I can look at them and find what's wrong in a few minutes.

The third step is response. Are they going to go to your house and clean up your computer? It would be good news for me if they did - that would suck up the talents of every computer security person in the country several times over. Salaries would skyrocket. Or there would be a draft. Trust me - this is a population that you don't want to draft. Imagine a really angry army of people with lockpicking and hacking skills. Not a recipe for success.
