PaulDotCom mailing list archives
Re: What say you!?
From: Michael Lubinski <michael.lubinski () gmail com>
Date: Tue, 5 Jul 2011 10:52:38 -0500
The response predicted was the response received, I now know I'm not off my rocker at least. On Tue, Jul 5, 2011 at 10:05 AM, John Strand <strandjs () gmail com> wrote:
lol On Tue, Jul 5, 2011 at 8:58 AM, Mike Patterson <mike () snowcrash ca> wrote:HOW IS SEKURE NETWORK FORMD:\On 2011/07/05 10:31 AM, John Strand wrote:Mike, Are you new here? I kid, I kid. John On Tue, Jul 5, 2011 at 8:20 AM, Mike Patterson <mike () snowcrash ca>wrote:On 2011/07/05 9:08 AM, Ron Gula wrote:On 7/2/2011 11:41 AM, Michael Lubinski wrote:Read:http://blog.zeltser.com/post/6479619232/protean-information-security-architectureKnowing this list has a significant amount of pen testers and such,whatsay you?I really like the emotion behind this concept, but don't like this for practical reasons.[..]I don't mind at all having fake targets on the inside of your network, but the idea of constantly reconfiguring the data structures andserversas a method to thwart pen testers is no substitute for patching, tight inbound/outbound ACLs, network monitoring and log analysis.My first thought was "it must be nice to have the kind of free time after doing. . ." everything you say, and more, including convincing sysadmins that yes, the firewall really is there to help you and yes, you really do need to figure out precisely how that workstation got popped and writing documentation and helping others to do the same and responding (or actively ignoring) RIAA/MPAA complaints and figuring out if the lack of IDS logs is because of a NIC failure, driver bug, OSbug,disk failure, something else, going to meetings with your co-workers or management... all the other stuff blue-team IT types do on a daily basis. Or would, if they had 48 hour days. And THEN, when you DO have that kind of time, you get to spend MOREtimeensuring that your new honeypots don't actually become a vulnerability themselves. While you convince management that they're necessary, and try to assuage the fears of NOC monkeys, and... OK, yeah, confusing the attacker's well and good, but unless you've got all the other ducks in a row, you might be finding the root of all evil - premature optimisation. Lenny's idea is nice in theory, but in practise, I think it belongs near the bottom of the priority list. Mike _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- John Strand Office: (605) 550-0742 Cell: (303) 710-1171 _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- What say you!? Michael Lubinski (Jul 03)
- Re: What say you!? Ron Gula (Jul 05)
- Re: What say you!? Mike Patterson (Jul 05)
- Re: What say you!? Brian Erdelyi (Jul 05)
- Re: What say you!? John Strand (Jul 05)
- Re: What say you!? Mike Patterson (Jul 05)
- Re: What say you!? John Strand (Jul 05)
- Re: What say you!? Michael Lubinski (Jul 05)
- Re: What say you!? Butturini, Russell (Jul 05)
- Re: What say you!? Michael Lubinski (Jul 05)
- Re: What say you!? Mike Patterson (Jul 05)
- Re: What say you!? Ron Gula (Jul 05)