Educause Security Discussion mailing list archives
Re: Phishing E-mail Procedures
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 26 Jan 2012 14:45:33 -0500
On Thu, 26 Jan 2012 12:24:10 CST, Tim Doty said:
> "Default Permit".... In short, it isn't something that security folks go preaching.
Marcus's point is that it's a *dumb* idea - any security folks preaching it should probably be taken out back and shot. Or maybe shot out front and made an example of. ;) The problem is all the little corner cases - everything from propping a door open because you'll be right back to opening a hole for port 22 for a vendor support technician and not bothering to restrict by source IP address because you don't know for sure but you *know* you'll close it right back up...
> "Enumerating Badness". This is closer to being accurate, but in security it is not preached, it is accepted.
Even if it's *accepted*, it's *still* a dumb idea, as every single site pwned via an SQL injection will testify. ;)
> Guess what I do with Snort? I enumerate badness (detection rules are an example of enumeration and with snort we don't try to detect what is good, but what is undesired). Sorry, but I'm not giving up on snort.
And you know to add an "undesired" rule, how? ;) Might be illustrative to turn that around for a little while - add some snort rules to ignore known good traffic, and have it dump all the stuff it has neither "good" nor "bad" rules someplace - you'll almost certainly find surprising stuff you didn't know was on your network (I once made Steve Bellovin drop his fork at lunch by telling him that somebody I know in this neck of the woods had actually spotted RFC3514-tagged traffic in Comcast's production network.. :)
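
The inversion suggested in the reply above (ignore known-good traffic, then look at whatever matches neither a "good" nor a "bad" rule), sketched as an added example that is not part of the original post. The flow records, networks and rule lists are constructed for illustration, and checking bad rules before good ones is this example's own choice.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample flows (src, dst, proto, dst_port); not captured traffic.
FLOWS = [
    ("10.1.4.20", "10.1.0.53", "udp", 53),      # client -> site resolver
    ("10.1.4.20", "10.1.0.80", "tcp", 443),     # client -> internal web server
    ("10.1.4.21", "10.1.0.53", "udp", 53),
    ("203.0.113.9", "10.1.0.22", "tcp", 22),    # source on the known-bad list
    ("10.1.4.33", "198.51.100.7", "tcp", 6667),
    ("10.1.4.33", "198.51.100.7", "tcp", 6667),
    ("10.1.7.5", "10.1.4.20", "udp", 1900),
    ("10.1.0.80", "192.0.2.44", "tcp", 25),     # web server speaking SMTP outbound
]

# Hypothetical site policy: (src_net, dst_net, proto, dst_port); None means "any".
GOOD = [
    ("10.1.0.0/16", "10.1.0.53/32", "udp", 53),
    ("10.1.0.0/16", "10.1.0.80/32", "tcp", 443),
]
BAD = [("203.0.113.0/24", None, None, None)]


def matches(rule, flow):
    """True when every non-wildcard field of the rule matches the flow."""
    src_net, dst_net, proto, port = rule
    src, dst, f_proto, f_port = flow
    return ((src_net is None or ip_address(src) in ip_network(src_net))
            and (dst_net is None or ip_address(dst) in ip_network(dst_net))
            and proto in (None, f_proto)
            and port in (None, f_port))


def triage(flows, good=GOOD, bad=BAD):
    """Split flows into bad / good / unknown; bad wins so an allow rule cannot hide it."""
    buckets = {"bad": [], "good": [], "unknown": []}
    for flow in flows:
        if any(matches(r, flow) for r in bad):
            buckets["bad"].append(flow)
        elif any(matches(r, flow) for r in good):
            buckets["good"].append(flow)
        else:
            buckets["unknown"].append(flow)  # the residue worth reading
    return buckets


def unknown_summary(flows, good=GOOD, bad=BAD):
    """Count the unclassified residue by (src, proto, dst_port), most frequent first."""
    unknown = triage(flows, good, bad)["unknown"]
    return Counter((s, p, port) for s, _d, p, port in unknown).most_common()
```

The `unknown` bucket is the output to review: each entry either becomes a new "good" rule, a new "bad" rule, or a question for whoever owns that host.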