Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9

[Matthew Jonkman <jonkman () emergingthreatspro com>]

On Jan 31, 2011, at 3:53 PM, Michael Lubinski wrote:

> "As a security guy I cannot makethat choice to spend less to get less security. I think that’sdereliction of duty to 
> make any choice to be less securewhen more secure is available and feasible."
>
>
> Is this the mindset of a true genius? I do not see this often, its kind of refreshing. Much too often I am forced to 
> upgrade that application because it has a new feature over any number of actions you can make to make your 
> environment more secure.

What I was thinking with spend less to get less being dereliction was many-fold, but primarily folks that make the 
budget decision to go with something pre-packaged but mostly ok. IDS is a prime example. You can pick up a 1U 
prepackaged fire-and-forget ids appliance/firewall/toaster that'll fill in the IDS audit check box (as in, yes, we have 
an ids. In the closet somewhere). 

You'd be FAR better off learning some snort or suricata, buying a stock 1U appliance very cheaply (or picking up an 
prepackaged IDS appliance that lets you manage things and rules) and being really aware. Better spent money, and a more 
aware organization. It may even cost the same as a prepackaged appliance. 

Doesn't work for everyone, but when you learning something is what stops you from picking the more effective choice, 
that's a violation of your responsibilities. 

IMHO. 

Matt


> On Mon, Jan 31, 2011 at 12:53 PM, Dale Handy  < dhandy () nitrosecurity com> wrote:
>
>
>
> * PGP Bad Signature, Signed by an unverified key: 1/31/11 at 1:53:50 PM
>
> There's no pride in his family! He's got it all!
>
>
> Will Metcalf wrote:
> > > Ya, I love his articles. He's one smart mo-fo!
> >
> > He is very modest as well.. ;-)
> >
> > Regards,
> >
> > Will
> >
> > On Mon, Jan 31, 2011 at 12:41 PM, Matthew Jonkman
> > < jonkman () emergingthreatspro com> wrote:
> > > Ya, I love his articles. He's one smart mo-fo!
> > >
> > > Matt
> > >
> > >
> > > On Jan 31, 2011, at 1:35 PM, Castle, Shane wrote:
> > >
> > > > Matt Jonkman has an article in the new Hakin9 magazine. As you might
> > > > guess, he discusses IDS implementation and deployment.
> > > >
> > > > I really really wish Hakin9 would get rid of the two-column format.
> > > >
> > > > --
> > > > Shane Castle
> > > > Data Security Mgr, Boulder County IT
> > > > CISSP GSEC GCIH
> > > >
> > > > _______________________________________________
> > > > Emerging-sigs mailing list
> > > > Emerging-sigs () emergingthreats net
> > > > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> > > >
> > > > Support Emerging Threats! Subscribe to Emerging Threats Pro  http://www.emergingthreatspro.com
> > > > The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
> > >
> > > ----------------------------------------------------
> > > Matthew Jonkman
> > > Emergingthreats.net
> > > Emerging Threats Pro
> > > Open Information Security Foundation (OISF)
> > > Phone 765-807-8630
> > > Fax 312-264-0205
> > > http://www.emergingthreatspro.com
> > > http://www.openinfosecfoundation.org
> > > ----------------------------------------------------
> > >
> > > PGP:  http://www.jonkmans.com/mattjonkman.asc
> > >
> > >
> > >
> > > _______________________________________________
> > > Emerging-sigs mailing list
> > > Emerging-sigs () emergingthreats net
> > > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> > >
> > > Support Emerging Threats! Subscribe to Emerging Threats Pro  http://www.emergingthreatspro.com
> > > The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
> > _______________________________________________
> > Emerging-sigs mailing list
> > Emerging-sigs () emergingthreats net
> > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> >
> > Support Emerging Threats! Subscribe to Emerging Threats Pro  http://www.emergingthreatspro.com
> > The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
> > .
>
> --
> Everyone talks about apathy, but no one does anything about it.
>
> -- Dale L. Handy, P.E.
>   Chief Security Engineer
>   NitroSecurity, Inc.
>    dhandy () nitrosecurity com
>   208-552-8707
>
> * Dale Handy <dale.handy () gmail com>
> * 0xF3F1FFE9 - Unverified(L)
>
> * PGP Unprotected
> * text/plain body
> * text/plain body
> This e-mail message and any attachments contain information that is confidential and may be privileged.  If the 
> reader of this e-mail is not the intended recipient, you are hereby notified that any dissemination, distribution or 
> copying of this communication is strictly prohibited.  If you have received this communication in error, please 
> immediately notify us by replying to this message or by sending an email to  postmaster () nitrosecurity com, and 
> destroy all copies of this message and any attachments without reading or disclosing them.  Thank you.
>
>
>
>
> ------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> -- 
> Michael Lubinski
> 409 S. Fisk St.
> Green Bay, WI 54303
>
> * PGP Unprotected
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs () emergingthreats net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
>
>
> * PGP Bad Signature, Signed by an unverified key: 1/31/11 at 1:53:50 PM
> * text/plain body
> * Dale Handy <dale.handy () gmail com>
> * 0xF3F1FFE9 - Unverified(L)


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users