I agree with you that it is a pretty serious issue if it is not searchable
on Cisco's site, or in their SAFE white papers. However, it IS in every
single }current{ documentation/training materials for their security
certifications. Well, at least for all of their CCSP security
certifications. I have all of the materials for all of the current courses,
and it is in every single one of them.
Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.
-----Original Message-----
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]
Sent: Monday, August 25, 2003 4:45 PM
To: [EMAIL PROTECTED]
Subject: RE: SAFE and the Holy Hand Grenade of Antioch [7:74304]
At 7:10 PM +0000 8/25/03, Reimer, Fred wrote:
>A structured threat is a threat from someone who has experience and
>knowledge as far as breaking into networks. An unstructured threat is a
>threat by a script kiddie. I guess they use structured because a
>knowledgeable black-hat would have a comprehensive plan on the attack,
>whereas an unstructured threat would just be looking for the latest
>Microsoft bug ;-)
>
It still seems a Cisco problem that CCO searches on "structured
threat" or "structured attack" return nothing, nor are they in the
SAFE white papers.
Interesting, a Google search on Cisco and "structured threat" did
bring up a few hits. http://www.coact.com/spock/spmin.oct97.html
reveals a presentation by ISS Corporation on _their_ SAFE
Architecture. The NSA director is quoted as defining structured vs.
unstructured at
http://www.kbeta.com/SecurityTips/Vulnerabilities/SpottingIntruders.htm
To me, this is a significant documentation failure by Cisco. Not all
working professionals are going to take every course Cisco offers.
It's especially important that Cisco be clear about its terminology,
since I have encountered a number of concepts where SAFE or other
documents use terminology differently than one finds in the general
professional literature on security. Quite a number of cryptographic
terms seem to be thrown about without rigorous definitions.
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74373&t=74304
--------------------------------------------------
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
