At 7:10 PM +0000 8/25/03, Reimer, Fred wrote: >A structured threat is a threat from someone who has experience and >knowledge as far as breaking into networks. An unstructured threat is a >threat by a script kiddie. I guess they use structured because a >knowledgeable black-hat would have a comprehensive plan on the attack, >whereas an unstructured threat would just be looking for the latest >Microsoft bug ;-) >
It still seems a Cisco problem that CCO searches on "structured threat" or "structured attack" return nothing, nor are they in the SAFE white papers. Interesting, a Google search on Cisco and "structured threat" did bring up a few hits. http://www.coact.com/spock/spmin.oct97.html reveals a presentation by ISS Corporation on _their_ SAFE Architecture. The NSA director is quoted as defining structured vs. unstructured at http://www.kbeta.com/SecurityTips/Vulnerabilities/SpottingIntruders.htm To me, this is a significant documentation failure by Cisco. Not all working professionals are going to take every course Cisco offers. It's especially important that Cisco be clear about its terminology, since I have encountered a number of concepts where SAFE or other documents use terminology differently than one finds in the general professional literature on security. Quite a number of cryptographic terms seem to be thrown about without rigorous definitions. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74360&t=74304 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html