PaulDotCom mailing list archives
Re: What say you!?
From: Michael Lubinski <michael.lubinski () gmail com>
Date: Tue, 5 Jul 2011 13:54:38 -0500
That's exactly what I thought, something to think about on the way to work.... right next to the gamification of IT right? Lolz.

On Tue, Jul 5, 2011 at 11:49 AM, Butturini, Russell <Russell.Butturini () healthways com> wrote:

The article isn’t without its merit for interesting and creative ideas, but in larger environments where SOX, defined outage windows, and change control are king, this would never fly. And agreed, this would be neat if you had a security team with time to do these kinds of things, but there’s no way you could squeeze in comprehensive analysis of your “fake” targets in a normal day.

Let’s give him credit, it’s food for thought though :)

From: pauldotcom-bounces () mail pauldotcom com [mailto: pauldotcom-bounces () mail pauldotcom com] On Behalf Of Michael Lubinski
Sent: Tuesday, July 05, 2011 10:53 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] What say you!?

The response predicted was the response received, I now know I'm not off my rocker at least.

On Tue, Jul 5, 2011 at 10:05 AM, John Strand <strandjs () gmail com> wrote:

lol

On Tue, Jul 5, 2011 at 8:58 AM, Mike Patterson <mike () snowcrash ca> wrote:

HOW IS SEKURE NETWORK FORMD:\

On 2011/07/05 10:31 AM, John Strand wrote:

Mike,

Are you new here?

I kid, I kid.

John

On Tue, Jul 5, 2011 at 8:20 AM, Mike Patterson <mike () snowcrash ca> wrote:

On 2011/07/05 9:08 AM, Ron Gula wrote:

On 7/2/2011 11:41 AM, Michael Lubinski wrote:

Read: http://blog.zeltser.com/post/6479619232/protean-information-security-architecture

Knowing this list has a significant amount of pen testers and such, what say you?

I really like the emotion behind this concept, but don't like this for practical reasons.

[..]

I don't mind at all having fake targets on the inside of your network, but the idea of constantly reconfiguring the data structures and servers as a method to thwart pen testers is no substitute for patching, tight inbound/outbound ACLs, network monitoring and log analysis.

My first thought was "it must be nice to have the kind of free time after doing. . ." everything you say, and more, including convincing sysadmins that yes, the firewall really is there to help you and yes, you really do need to figure out precisely how that workstation got popped and writing documentation and helping others to do the same and responding (or actively ignoring) RIAA/MPAA complaints and figuring out if the lack of IDS logs is because of a NIC failure, driver bug, OS bug, disk failure, something else, going to meetings with your co-workers or management... all the other stuff blue-team IT types do on a daily basis. Or would, if they had 48 hour days.

And THEN, when you DO have that kind of time, you get to spend MORE time ensuring that your new honeypots don't actually become a vulnerability themselves. While you convince management that they're necessary, and try to assuage the fears of NOC monkeys, and...

OK, yeah, confusing the attacker's well and good, but unless you've got all the other ducks in a row, you might be finding the root of all evil - premature optimisation. Lenny's idea is nice in theory, but in practice, I think it belongs near the bottom of the priority list.

Mike

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:
- What say you!? Michael Lubinski (Jul 03)
- Re: What say you!? Ron Gula (Jul 05)
- Re: What say you!? Mike Patterson (Jul 05)
- Re: What say you!? Brian Erdelyi (Jul 05)
- Re: What say you!? John Strand (Jul 05)
- Re: What say you!? Mike Patterson (Jul 05)
- Re: What say you!? John Strand (Jul 05)
- Re: What say you!? Michael Lubinski (Jul 05)
- Re: What say you!? Butturini, Russell (Jul 05)
- Re: What say you!? Michael Lubinski (Jul 05)
- Re: What say you!? Mike Patterson (Jul 05)
- Re: What say you!? Ron Gula (Jul 05)