PaulDotCom mailing list archives

Re: What say you!?

From: Ron Gula <rgula () tenable com>
Date: Tue, 05 Jul 2011 09:08:00 -0400

On 7/2/2011 11:41 AM, Michael Lubinski wrote:

Read:
http://blog.zeltser.com/post/6479619232/protean-information-security-architecture

Knowing this list has a significant amount of pen testers and such, what
say you?


I really like the emotion behind this concept, but don't like this for
practical reasons. It really seems like this is a "get secure quick"
gimmick such as loosing weight where patch management & log monitoring
is akin to diet and exercise.

I don't mind at all having fake targets on the inside of your network,
but the idea of constantly reconfiguring the data structures and servers
as a method to thwart pen testers is no substitute for patching, tight
inbound/outbound ACLs, network monitoring and log analysis.

Having some realistic target honeypot targets is a great indicator, but
no guarantee that your domain controller didn't just get owned.

-- 
Ron Gula, CEO
Tenable Network Security
http://www.tenable.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

What say you!? Michael Lubinski (Jul 03)
- Re: What say you!? Ron Gula (Jul 05)
  - Re: What say you!? Mike Patterson (Jul 05)
    - Re: What say you!? Brian Erdelyi (Jul 05)
    - Re: What say you!? John Strand (Jul 05)
    - Re: What say you!? Mike Patterson (Jul 05)
    - Re: What say you!? John Strand (Jul 05)
    - Re: What say you!? Michael Lubinski (Jul 05)
    - Re: What say you!? Butturini, Russell (Jul 05)
    - Re: What say you!? Michael Lubinski (Jul 05)