Snort mailing list archives

Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9


From: Matthew Jonkman <jonkman () emergingthreatspro com>
Date: Mon, 31 Jan 2011 22:41:10 -0500

I absolutely agree. It's a balance, and something is definitely better than nothing. :)

BTW, I'll be putting that article up on our blog shortly for those who didn't grab it from hakin9.

Matt

On Jan 31, 2011, at 5:16 PM, Michael Lubinski wrote:

It's always a balancing act. Investing in the talent behind your network (most of the time) will pay off in the long 
run. Now that's a pretty big generalization on who and what that person has to be, but I would imagine that most of the 
users here are some type of that person in question. What I have seen in the market is a deficiency in time. *If 
only I had more time I would have enabled that logging and been documenting the configuration changes.* It may be that 
the better choice is a fire-and-forget IDS, because I wouldn't have the time to implement Snort if we did go that 
route; other things are at the table (not necessarily security things either). Isn't some security better than no 
security? At least that pre-packaged IDS will alert me to some things, rather than none.

On Mon, Jan 31, 2011 at 3:52 PM, Matthew Jonkman <jonkman () emergingthreatspro com> wrote:
On Jan 31, 2011, at 3:53 PM, Michael Lubinski wrote:

"As a security guy I cannot make that choice to spend less to get less security. I think that's dereliction of duty 
to make any choice to be less secure when more secure is available and feasible."


Is this the mindset of a true genius? I do not see this often; it's kind of refreshing. Much too often I am forced 
to upgrade that application because it has a new feature, over any number of actions you can take to make your 
environment more secure.


What I was thinking with "spend less to get less" being dereliction was many-fold, but primarily folks that make the 
budget decision to go with something pre-packaged but mostly OK. IDS is a prime example. You can pick up a 1U 
prepackaged fire-and-forget IDS appliance/firewall/toaster that'll fill in the IDS audit check box (as in, yes, we 
have an IDS. In the closet somewhere).

You'd be FAR better off learning some Snort or Suricata, buying a stock 1U appliance very cheaply (or picking up a 
prepackaged IDS appliance that lets you manage things and rules) and being really aware. Better spent money, and a 
more aware organization. It may even cost the same as a prepackaged appliance.

Doesn't work for everyone, but when having to learn something is what stops you from picking the more effective choice, 
that's a violation of your responsibilities.

IMHO.

Matt




On Mon, Jan 31, 2011 at 12:53 PM, Dale Handy  < dhandy () nitrosecurity com> wrote:




There's no pride in his family! He's got it all!


Will Metcalf wrote:
Ya, I love his articles. He's one smart mo-fo!

He is very modest as well.. ;-)

Regards,

Will

On Mon, Jan 31, 2011 at 12:41 PM, Matthew Jonkman
< jonkman () emergingthreatspro com> wrote:
Ya, I love his articles. He's one smart mo-fo!

Matt


On Jan 31, 2011, at 1:35 PM, Castle, Shane wrote:

Matt Jonkman has an article in the new Hakin9 magazine. As you might
guess, he discusses IDS implementation and deployment.

I really really wish Hakin9 would get rid of the two-column format.

--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH

_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro  http://www.emergingthreatspro.com
The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!

----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP:  http://www.jonkmans.com/mattjonkman.asc





--
Everyone talks about apathy, but no one does anything about it.

-- Dale L. Handy, P.E.
  Chief Security Engineer
  NitroSecurity, Inc.
   dhandy () nitrosecurity com
  208-552-8707

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Michael Lubinski
409 S. Fisk St.
Green Bay, WI 54303
