Archive for November, 2006

Nov 30 2006

Talk about security stupidity

Published by under Privacy

I’d walk out of any restaurant that tried to ask for my driver’s license and then drive to the closest police department to report the incident. I’m not sure if this was illegal, but it’s definitely something the local police should investigate.

I’m not sure which concerns me more, the security guard who thought this was a good idea, or the people who were willing to give over their driver’s licenses just to get into IHOP.


Nov 30 2006

So many logs, so little time

Published by under Simple Security

Andy, IT Guy gives a specific example of how monitoring logs would have saved one company he consulted at a lot of time and grief.  The only problem is, in most organizations, log monitoring is an afterthought, if it’s a thought at all.  My last job was as the administrator of the IDS systems for a major state agency, and as such I spent my day monitoring Snort (later Sourcefire) logs for suspicious incidents, but most IT departments don’t have the luxury of dedicating a specific resource to that type of monitoring. 

If you have to monitor logs, find some way of aggregating and filtering your logs. There are a number of open source and commercial solutions that will allow you to do both with varying degrees of implementation and daily usage pain. But even a central syslog collector you can review through grep commands is better than having to go to each of the systems individually. I’m looking at a Cisco Security Monitoring, Analysis and Response System (CS-MARS) implementation early next year, but your needs may be equally well served with a collection of open source tools you put together yourself.

Anything’s better than not looking at the logs at all.
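The grep-over-a-central-collector review mentioned above, as an added example that is not part of the original post: it counts failed SSH logins per host from one aggregated file and lists source addresses that failed against more than one host, which per-host review cannot show. The log layout, host names, addresses and function names are assumptions; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: review one aggregated syslog file instead of visiting each host.
# Sample lines are constructed, in the traditional syslog layout
# "Mon DD HH:MM:SS host program[pid]: message"; hosts and addresses are made up.

write_sample_log() {
    cat > "$1" <<'EOF'
Nov 30 02:11:07 web01 sshd[4121]: Failed password for root from 192.0.2.10 port 40022 ssh2
Nov 30 02:11:09 web01 sshd[4121]: Failed password for root from 192.0.2.10 port 40022 ssh2
Nov 30 02:11:15 db01 sshd[991]: Failed password for invalid user admin from 192.0.2.10 port 40110 ssh2
Nov 30 02:12:01 web01 cron[4200]: (root) CMD (run-parts /etc/cron.hourly)
Nov 30 02:13:44 mail01 sshd[2210]: Accepted publickey for alice from 198.51.100.7 port 51514 ssh2
Nov 30 02:14:02 db01 sshd[1002]: Failed password for postgres from 203.0.113.5 port 33900 ssh2
EOF
}

# Lines of interest: failed SSH password attempts reported by any host.
failed_logins() {
    grep -E ' sshd\[[0-9]+\]: Failed password ' "$1"
}

# "count host" per reporting host, busiest first.
failed_by_host() {
    failed_logins "$1" |
        awk '{ n[$4]++ } END { for (h in n) print n[h], h }' |
        sort -k1,1nr -k2,2
}

# Source addresses that failed against more than one host. This is the view
# that per-host review cannot give you.
multi_host_sources() {
    failed_logins "$1" |
        sed -E 's/^[A-Za-z]+ +[0-9]+ [0-9:]+ ([^ ]+) .* from ([^ ]+) port .*/\2 \1/' |
        sort -u |
        awk '{ c[$1]++ } END { for (s in c) if (c[s] > 1) print s }' |
        sort
}

log=$(mktemp)
trap 'rm -f "$log"' EXIT
write_sample_log "$log"
echo "Failed logins per host:";        failed_by_host "$log"
echo "Sources seen on several hosts:"; multi_host_sources "$log"
```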


Nov 30 2006

Oracle Bug-a-day cancelled due to …?

Published by under Hacking

We can only assume that a plan to release a week’s worth of Oracle Database vulnerabilities was cancelled due to lawyers and threats to sue the pants off of Cesar Cerrudo if he went forward with the project. From what we’ve seen with Oracle in the past, I think this is probably a fairly safe assumption to make though. I wonder if Cesar had just named the project more generically, say ‘Week of Database Bugs’ instead, and then just published Oracle bugs, if he couldn’t at least have gotten a few of the bugs out before the lawsuit threats began.

This is a graphic example of why I don’t believe vendors should be in charge of the disclosure process: it’s only in their best interest to cover up the vulnerabilities.


Nov 29 2006

And in this corner!

Published by under General

I get this strange mental image of Christopher Hoff rubbing his hands in glee at the thought of Richard Stiennon joining the ranks of UTM vendors.  Maybe it’s just me or maybe that’s the intended tone of his post congratulating Richard on his new position at Fortinet.  I’ve never had the opportunity to meet either of these gentlemen face to face, but meeting them at RSA promises to be interesting, to say the least. 

Richard has commented on Chris’ blog that he can’t get into the ‘role of online defender’, but I’m hoping there’s a hidden ‘just yet’ in the statement. When folks like Richard and Chris take strong positions on products and technologies and have to defend them from other highly intelligent people, there’s always something to be learned from the back and forth. Maybe I can get both gentlemen on a podcast to talk about their own visions of Unified Threat Management some time next year.


Nov 28 2006

Network Security Podcast, Episode 53

Published by under Podcast

Getting back into the swing of things tonight, but the voice is still a little rough. Tonight’s interview was with Jim Hurley, who’s the managing director of the IT Policy Compliance Group for Symantec. I’ll post a link to the site and the report as soon as it becomes available. Show notes are a little sparse tonight, since I’m still in recovery mode. I’ll do better next week. In the meantime, if you wonder what I look like, I’m the guy towering over Irena on Geek Entertainment TV this week.

Network Security Podcast, Episode 53, November 28, 2006

Time: 28:57


Nov 28 2006

Richard Stiennon has moved to Fortinet

Published by under General

I guess my friend Richard Stiennon felt the lure of the dark side and is no longer an independent analyst; he’s been snapped up by Fortinet and is now their Chief Marketing Officer. He’ll still write for ZDNet occasionally at ThreatChaos, but it appears he’ll have to step back from writing about the industry and write about the threats again. The IT-Harvest site appears to have already gone off-line, but I’m betting that’s just a temporary measure.

Congratulations and good luck, Richard.  Drop me a line when you get a chance and we’ll talk about what this means for you.  Both on the record and off. 


Nov 28 2006

DMCA exemption process doesn’t work

Published by under Government

Ed Felten is happy about the exemptions made by the U.S. Copyright Office, but as he points out, the exemption process is onerous and designed to make it impossible to get a permanent exemption to the DMCA. Each and every exemption has to be re-requested every three years with no apparent means for an automated renewal.

The DMCA was never designed to help consumers; it’s always been a way for corporations to define how media is used and by whom. Some of the most egregious problems with this Act have been how it’s made rights such as media backup illegal, even though that’s always been a consumer right and privilege. Along with Professor Felten, I can only hope that Congress acts to re-write the DMCA, since the Copyright Office doesn’t appear to be willing to rule on it in a broader sense.


Nov 28 2006

Back in the land of the living

Published by under Blogging,General

I am more or less back in the land of the living and hope to be posting regularly again. I was running a fever of 102 for nearly a week and the recovery process has been slow. I’m far from being back to 100%, but at least I’m somewhere in the 75% range again. Today is going to be my first day back at work in 10 days, and somehow I don’t think I’ll be able to make it through the whole day. But I’ve got hundreds of emails that must be deleted … I mean sorted through and thoughtfully replied to. If you’ve sent me a personal email in the last week, I’ve received it and will hopefully be replying over the next few days.

Thanks again for the well wishes, I’ll return you to your regularly scheduled security ramblings now.


Nov 23 2006

Happy Turkey Day

Published by under General

Happy Thanksgiving day to everyone out there. I’m starting to recover from my fever, but I’m glad to have a long weekend of rest. I hope you get some time with friends and family over the weekend and thanks to those of you who sent me get well wishes. The podcast will be back on schedule next week.


Nov 21 2006

No podcast tonight

Published by under Podcast

I’ve been bedridden with a fever since Sunday afternoon and can’t create a podcast tonight. I may have the energy to put it together tomorrow, but if not, I’ll put it off until next week. So I’m going to get some sleep and drink some more Sunny Delight and hope I feel better in the morning.
