« Come Participate in the AZ Security Practitioners' Forum | Main | My Thoughts: Security Vulnerability Categories »

Part 2: My Thoughts: Security Vulerability Categories

A few other attacks that come to mind are root bridge injection, management VLAN color tagging, dangling switch syndrome all of which are based IEEE 802.1"x" standards. Even an IP spoofing or loose-source routing attacks can be attributed to RFCs within the IAB's and the task-forces they govern. FISMA, SOX, HIPPA legal compliance also may be subjected to the same analytical debasement. In my opinion, it is the mirror of the struggle that is faced in the encryption realm of security... code makers battling the code breakers. Each struggling to out do the other in a constant ebb and flow of technological advance vs. interpretive application of exploits to leverage the designs described within the standard the other is creating.

I am strained to legitimize open systems within this context but also am aware that in today's environments this type of closure would lead to a critical path within telecommunications industries. Reducing us back into closed systems, islands of automation or proprietary extensions added to existing standards... breaking heterogynous network capability. Can you say "Into the way back machine Mr. Peabody". I cannot say that I have an answer to this conundrum but only offer my observations on how this is occurring in today's constant evolutionary cycle of attacks in Info Sec.

Being a chemist.More next time.

Posted on Saturday, November 11, 2006 at 08:43AM by Registered CommenterDale Brice-Nash in | CommentsPost a Comment

PrintView Printer Friendly Version

EmailEmail Article to Friend

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.
Editor Permission Required
You must have editing permission for this entry in order to post comments.