
Rats in a sewer...

How many botnets reside within your network? Are you worried about the almost certain fact that they do?

I described it to a colleague today as being similar to rats in a sewer. These insidious creatures crawl around within the dark tunnels of our global network, usually remaining out of sight. We know they are there, but unless we go on a hunt it's unlikely we'll actually see them. My colleague's view on the matter is as follows:

"So in infosec nuisance malware is just that, but must not be allowed to take the focus. The focus needs to be what matters, the effects on the company and its information/reputation. So this comes down to managing the risks and knowing what the critical assets are rather than trying to protect every device and scrap of information as equals. … you have as much hope of protecting everything perfectly as removing the rats from the sewers of London."

It's a view I fully agree with. Instead of chasing rats, focus on protecting assets. We have little choice but to live with the nasty stuff so be aware that it is there, mitigate risk as far as you can, and don't spend too much time trudging through the sewers because it's not very nice down there!

There is some more information on botnets here, including a link to an interview with a botnet owner - won't his parents just be so proud!

http://www.wormblog.com/2006/03/an_inside_look_.html (an excellent blog)
http://www.mckeay.net/secure/2006/02/botnet_owner_interview.html
http://www.schneier.com/blog/archives/2005/12/dutch_botnet.html



Comments (1)

Are the rats contained to the sewer/cellar? I contend they are in your pantry caressing your breakfast. They are on your AD Admin's desktop. How would you know? The botnets of the past were used to DoS or deploy SPAM. The new breed of rootkit is dedicated to harvesting access credentials and establishing a base of operations. OPCR (Other People's Computing Resources) are an incredible motivator for criminals. How can you protect the castle when the family jewels are in the fields?


About

This page contains a single entry from the blog posted on January 4, 2007 6:00 PM.
