Snort mailing list archives

Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9


From: Michael Lubinski <michael.lubinski () gmail com>
Date: Mon, 31 Jan 2011 16:16:02 -0600

It's always a balancing act. Investing in the talent behind your network
(most of the time) will pay off in the long run. Now that's a pretty big
generalization on who and what that person has to be, but I would imagine
that most of the users here are some type of that person in question. What
I have seen in the market is a deficiency in time. If only I had more
time I would have enabled that logging and been documenting the
configuration changes. It may be that the better choice is a fire-and-forget
IDS, because I wouldn't have the time to implement Snort if we did go that
route; other things are at the table (not necessarily security things
either). Isn't some security better than no security? At least that
pre-packaged IDS will alert me to some things, rather than none.

On Mon, Jan 31, 2011 at 3:52 PM, Matthew Jonkman <
jonkman () emergingthreatspro com> wrote:

On Jan 31, 2011, at 3:53 PM, Michael Lubinski wrote:

"As a security guy I cannot make that choice to spend less to get less
security. I think that's dereliction of duty to make any choice to be less
secure when more secure is available and feasible."


Is this the mindset of a true genius? I do not see this often; it's kind
of refreshing. Much too often I am forced to upgrade that application
because it has a new feature, over any number of actions you can take to make
your environment more secure.


What I was thinking with spend less to get less being dereliction was
many-fold, but primarily folks that make the budget decision to go with
something pre-packaged but mostly ok. IDS is a prime example. You can pick
up a 1U prepackaged fire-and-forget ids appliance/firewall/toaster that'll
fill in the IDS audit check box (as in, yes, we have an ids. In the closet
somewhere).

You'd be FAR better off learning some Snort or Suricata, buying a stock 1U
appliance very cheaply (or picking up a prepackaged IDS appliance that lets
you manage things and rules) and being really aware. Better spent money, and
a more aware organization. It may even cost the same as a prepackaged
appliance.

Doesn't work for everyone, but when learning something is what stops
you from picking the more effective choice, that's a violation of your
responsibilities.

IMHO.

Matt




On Mon, Jan 31, 2011 at 12:53 PM, Dale Handy  < dhandy () nitrosecurity com>
wrote:




There's no pride in his family! He's got it all!


Will Metcalf wrote:
Ya, I love his articles. He's one smart mo-fo!

He is very modest as well.. ;-)

Regards,

Will

On Mon, Jan 31, 2011 at 12:41 PM, Matthew Jonkman
< jonkman () emergingthreatspro com> wrote:
Ya, I love his articles. He's one smart mo-fo!

Matt


On Jan 31, 2011, at 1:35 PM, Castle, Shane wrote:

Matt Jonkman has an article in the new Hakin9 magazine. As you might
guess, he discusses IDS implementation and deployment.

I really really wish Hakin9 would get rid of the two-column format.

--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH

_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro
http://www.emergingthreatspro.com
The ONLY place to get complete premium rulesets for Snort 2.4.0
through Current!

----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP:  http://www.jonkmans.com/mattjonkman.asc





--
Everyone talks about apathy, but no one does anything about it.

-- Dale L. Handy, P.E.
  Chief Security Engineer
  NitroSecurity, Inc.
   dhandy () nitrosecurity com
  208-552-8707






_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Michael Lubinski
409 S. Fisk St.
Green Bay, WI 54303









