Re: Your legal counsel in defeating DDOS attacks
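David LeBlanc said:

>>> I wouldn't go into vendor-specific actions. We could make the
>>> document very large if we went into such details.
>>
>> In this particular case, I disagree. About half of the CERT reports
>> published in 1999 dealt with serious vulnerabilities in RPC services.
>
> If we're going to go into specific actions to prevent common exploits
> disclosed for various vendors, we could probably come up with a very
> long list. (<joke>No more than 500 on the list?<g>)

All true :-)

> I'm also not sure it's fair to single out any one vendor in this type
> of document; this may just be the problem of the day.

One thought, though: we've kicked around a bit within MITRE the concept of a "Top 20 list" of the most serious, commonly exploited vulnerabilities, similar to the WildList used by the anti-virus community, but a bit more comprehensive than the current CERT summaries. We're considering this in the context of CVE: take a Top 10 list in CVE-speak, feed it into your IDSs and assessment tools, and fix the problems. (Our presentation at RAID-99 included some slides.)

A number of others have talked about such a list as well. It would just so happen that RPC services would dominate the top spots for the foreseeable future ;-) but it could also leave room for NT.

The top 20 list could be used to raise the bar by actually defining one. Conformance to the top 20 list then becomes a requirement. It would establish an absolute minimum that anybody should be sure they are protected from. Other lists could contain less "important" problems, and would imply additional levels of protection.

The list could be updated on a periodic basis, with input from across the community. As we begin to get a grip on how to model "policy," there could be different lists for different policies.

- Steve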