Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Fake MicroSoft calls
Special Forums Cybersecurity Fake MicroSoft calls Post 303011432 by Neo on Thursday 18th of January 2018 08:17:32 AM
Old 01-18-2018
I recall VoIP vulnerabilities over the years and for many years.

On another note, it is always important to keep in mind that (IT) RISK is the intersection of VULNERABILITY, THREAT & CRITICALITY.

So, even if there is a VULNERABILITY, if there is no real THREAT or CRITICALITY, then RISK is LOW.

For example, for someone who uses VoIP and is not a high profile person or spy or criminal etc who has THREATS and if a VULNERABILITY is exploited, it does not do critical harm (in the case of VoIP threats for most people who use VoIP daily), then the RISK is low.

I've been aware of possible VoIP exploits for many years, but it does not stop me from using the myriad technologies that use VoIP. This especially applies to VoIP technologies which are encrypted. LINE, What's App and I believe Skype are all encrypted and so exploiting these VoIP vulnerabilities are non trivial, as I recall, and so most users who use encrypted VoIP are not at high RISK.

There is also the RISK MITIGATION model, which combines TECHNICAL (LOGICAL) CONTROLS, PHYSICAL CONTROLS AND ADMINISTRATIVE CONTROLS, should be considered as well

Encrypting a VoIP channel is a TECHNICAL CONTROL and having a policy whereas HIGHLY SENSITIVE USERS do not use these apps unless approved is an ADMINISTRATIVE CONTROL.

It is important to keep in mind that RISK MANAGEMENT and RISK MITIGATION is a multidimensional and multifaceted approach, so VULNERABILITIES must be viewed in context to the THREAT and CRITICALITY; and RISK MITIGATION must be viewed in terms of RISK and the "best" combination of controls (ADMIN, TECH, PHYSICAL) based on RISK (and this implies budget as well).

Cheers.
This User Gave Thanks to Neo For This Post:
Don Cragun
 

2 More Discussions You Might Find Interesting

1. IP Networking

Identification of data calls & voice calls

Is there any facility to filter/identify the data calls and voice calls coming throug modem? OR Can we get the data or voice calls information through a script(preferably C Kermit)? (0 Replies)
Discussion started by: pcsaji
0 Replies

2. Windows & DOS: Issues & Discussions

Microsoft Powerpoint 2003 stops working after 12 April 2011 Microsoft Updates

For the benefit of the community this is a widespread worldwide problem affecting multiple versions of Microsoft Windows. Powerpoint erroneously reports Powerpoint presentation damaged and then often hangs. Until Microsoft sort this out, try removing Powerpoint security update KB 2464588... (0 Replies)
Discussion started by: methyl
0 Replies

LEARN ABOUT DEBIAN

bayesol

BAYESOL(1)																BAYESOL(1)

NAME

       bayesol - a Bayes solution calculator for use with dbacl.

SYNOPSIS

       bayesol [-DVNniv] -c riskspec [FILE]...

       bayesol -V

DESCRIPTION

       bayesol	is  a Bayes solution calculator designed to combine the output of dbacl(1) with a prior distribution and a risk specification, and
       calculate the optimal Bayesian decision (which minimizes the posterior risk).

       The risk specification is read from the text file riskspec and must be written in a simple format described below. The dbacl(1) output  can
       either be read from FILE or from STDIN.

EXIT STATUS

       On  success,  bayesol returns a positive integer corresponding to the category with the lowest risk.  In case of a problem, bayesol returns
       zero.

OPTIONS

       -c     Classify using riskspec.	See the section RISK SPECIFICATION.

       -i     Fully internationalized mode. Forces the use of wide characters internally, which is  necessary  in  some  locales.  This  incurs  a
	      noticeable performance penalty.

       -n     Print risk scores for each category.  Each score is (approximately) the logarithm of the expected risk under that category. The low-
	      est score (ie closest to -infinity) is best, etc.

       -N     Print recursive risk scores for each category.  Each score is (approximately) the logarithm of the best score based on the remaining
	      categories,  after  the previously best scoring categories have been removed, and a normalizing factor was added. A full description
	      is given in the technical report listed at the end of this manpange. The largest score (ie closest to +infinity) is best, etc.

       -v     Verbose mode. Prints to STDOUT the category with minimum posterior risk.	In case several categories are possible, prints the  first
	      category in the order in which they appear in the categories section of riskpspec.

       -D     Print debug output. Do not use.

       -V     Print the program version number and exit.

RISK SPECIFICATION

       bayesol needs to read a text file riskspec containing a risk specification. The format of this text file is as follows

	      categories { cat1, cat2,..., catN}
	      prior { p1, p2,..., pN}
	      loss_matrix {
	      "regex1" c1 [ formula11, formula12,..., formula1N]
	      "regex2" c2 [ formula21, formula22,..., formula2N]
	       .
	       .
	      "regexM" cM [ formulaM1, formulaM2,..., formulaMN]
	      }

       In the above, cat1, cat2,..., catN, are category names, p1, p2,..., pN, are non-negative numbers, regex1, regex2,..., regexM, are (possibly
       empty) regular expression strings, c1, c2,..., cM, are instances of the category names cat1, cat2,..., catN, and the formulas  are  numbers
       or mathematical expressions.

       Every  category	which  appears	in  the  categories section must appear at least once in the loss_matrix section, with an empty "" regular
       expression.  To construct the actual loss matrix used in the decision calculations, bayesol selects, for each  category	appearing  in  the
       categories  section, the first row whose regular expression is matched within FILE or STDIN, or the first row with empty regular expression
       if there are no matches.

       Each formula can be either a single number, or an algebraic combination of the operators exp(), log(), +, -, *, /, ^  and  parentheses  ().
       The  string  "inf"  is  parsed as the value infinity. Also, the string "complexity" is recognized, and converted to the complexity for that
       category as reported by dbacl(1).  Finally, if the corresponding regular expression contains submatches	delimited  by  parentheses,  their
       numerical values can be used inside the formulas as the special variables $1, ..., $9. Note that submatches which aren't numerical are con-
       verted to the value zero.

       Case is important. Spaces and newlines can be liberally inserted. Comments must start with a # and extend to the end of the line.

USAGE

       Typically, bayesol is used together with dbacl(1).  An invocation looks like this:

       % dbacl -c one -c two -c three sample.txt -vna | bayesol -c toy.risk -v

       See /usr/share/doc/dbacl/costs.ps for a description of the algorithm used.  See also /usr/share/doc/dbacl/tutorial.html for a more detailed
       overview.

SOURCE

       The source code for the latest version of this program is available at the following locations:

       http://www.lbreyer.com/gpl.html
       http://dbacl.sourceforge.net

AUTHOR

       Laird A. Breyer <laird@lbreyer.com>

SEE ALSO

       dbacl(1), mailcross(1), mailfoot(1), mailinspect(1), mailtoe(1), regex(7)

Version 1.12						   Bayesian Classification Tools						BAYESOL(1)
All times are GMT -4. The time now is 09:30 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy