Friday, May 30, 2008

Kees and Andy have a couple of great points that I want to reiterate

My friend Kees Leune makes a great point about the disappearing edge.

A couple of years back it would have been fine to throw up a firewall to protect your network. Attacks were mostly inbound in nature and could be dealt with in a straightforward manner.

The siege mentality could be used to defend your network: if I put up enough outward-facing defenses (firewall, anti-spam, virus scanners, etc.), I can protect my castle. What we run into today is that the attacks are drawing us out to them; our trade routes and water supplies have to be monitored and checked. The cross-site scripting vulnerabilities that PayPal revealed it had show this very well. We trust PayPal with our money, but they still have vulnerabilities.

In today's networks, traffic needs to be monitored for anomalies. If you are not running an IRC chat, or your employees are not supposed to be accessing IRC, monitor for that traffic. It may be legitimate, but it might not be as well.
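As an added illustration of that kind of check (example code written for this page, not something the post itself ships), the script below runs over a handful of constructed flow-log lines and flags outbound TCP connections to the usual IRC ports from hosts that are not on an allow list of sources known to use IRC legitimately. The log format, the port set and the sample addresses are all assumptions made for the example; the point is the shape of the check: parse, filter on what the site does not expect, exempt what is known to be legitimate, and aggregate so one noisy host shows up once.

```python
"""Flag IRC-looking flows in a firewall/flow log that a site does not expect to see."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumption: the well-known IRC port ranges (6660-6669 plaintext, 6697 IRC over TLS,
# 7000 is commonly used as well). Adjust to what your own environment considers unexpected.
IRC_PORTS = frozenset(range(6660, 6670)) | frozenset({6697, 7000})

# Assumption: a simple key=value flow record format constructed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+proto=(?P<proto>\w+)\s+bytes=(?P<bytes>\d+)"
)

# Constructed sample log; 10.1.9.5 stands in for a host that is allowed to reach IRC.
SAMPLE_FLOWS = """\
2008-05-30T09:12:01 src=10.1.2.10:52113 dst=198.51.100.20:443 proto=tcp bytes=5120
2008-05-30T09:12:07 src=10.1.2.44:49822 dst=203.0.113.9:6667 proto=tcp bytes=880
2008-05-30T09:13:15 src=10.1.2.44:49830 dst=203.0.113.9:6667 proto=tcp bytes=1640
2008-05-30T09:14:02 src=10.1.9.5:40011 dst=203.0.113.77:6697 proto=tcp bytes=2210
2008-05-30T09:15:30 src=10.1.2.10:52200 dst=198.51.100.21:80 proto=tcp bytes=3300
this line is malformed and should be skipped
"""


@dataclass
class IrcFinding:
    """One (source, destination, port) triple seen talking IRC, with flow count and bytes."""
    src: str
    dst: str
    dport: int
    flows: int
    bytes: int


def parse_flow(line):
    """Parse one flow record; return None for lines that do not match the expected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"],
        "src": d["src"],
        "dst": d["dst"],
        "dport": int(d["dport"]),
        "proto": d["proto"].lower(),
        "bytes": int(d["bytes"]),
    }


def find_irc_flows(lines, allowed_sources=frozenset()):
    """Return IrcFinding records for TCP flows to IRC ports from non-allow-listed sources.

    Flows are aggregated per (src, dst, dport) so a chatty host produces one finding
    rather than one line per connection.
    """
    buckets = defaultdict(lambda: [0, 0])  # key -> [flow count, total bytes]
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the whole run
        if rec["proto"] != "tcp" or rec["dport"] not in IRC_PORTS:
            continue
        if rec["src"] in allowed_sources:
            continue  # known-legitimate IRC user, per local policy
        key = (rec["src"], rec["dst"], rec["dport"])
        buckets[key][0] += 1
        buckets[key][1] += rec["bytes"]
    return [
        IrcFinding(src, dst, dport, flows, total)
        for (src, dst, dport), (flows, total) in sorted(buckets.items())
    ]


if __name__ == "__main__":
    for f in find_irc_flows(SAMPLE_FLOWS.splitlines(), allowed_sources={"10.1.9.5"}):
        print(f"{f.src} -> {f.dst}:{f.dport}  flows={f.flows} bytes={f.bytes}")
```

On the sample input the only finding is 10.1.2.44 talking to 203.0.113.9 on 6667 across two flows; the allow-listed host on 6697 is suppressed, and the malformed line is ignored. Whether the remaining hit is a legitimate use or not is exactly the question the post says you have to go and ask.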

The "bad guys" knew in medieval times that if a direct assault did not work, getting someone to come out and take something from you (i.e. Troy) gives a greater chance of success. They no longer have to lob dead animals over the walls at us. They set them outside our walls and let us know that they are providing them as food to us. Today's "bad guys" are adapting as well.

This leads me to what Andy Willingham talks about in this blog post.

Just because we've always done it that way does not make it the best way to do it now. On a regular basis, go back and re-evaluate your policies and procedures. Ask questions that have not been asked before. Ask questions that have been asked before; you may be surprised to get a different answer. Don't just accept "let me get back to you about that" as an answer.

The "bad guys" are willing to question the way things are done, which is how they find vulnerabilities. Take a page from their book. Look at your network from a different point of view. Rethink your network.

That's enough for me today.
Be safe


Thursday, May 15, 2008

Wow, I'm on a podcast

Michael Santarcangelo invited me to take part in the May 2008 Security Roundtable discussing the RSA Conference. I was honored to be asked and got a chance to participate with some of my fellow attendees:

Dr. Anton Chuvakin
Jennifer Leggio
Martin McKeay
Michael Santarcangelo

We had a great time recording and could have probably gone on for quite a bit longer about the experiences we all had. The podcast is about an hour and we hope you enjoy it. Please provide feedback here, I am interested to know what you thought.

I was using a Snowball microphone from BlueMic and thought the performance was very good.

I also have to apologize again for not posting in over a month.
I had a fairly lengthy post on my experience at the RSA conference and the surrounding events, and failed to post it. Then I started a new job which has taken up quite a bit of my thought cycles.
Hopefully I will get back to a regular posting cycle now.

Go out and be safer