Archive for March, 2010

Mar 30 2010

Network Security Podcast, Episode 191

Published under Podcast

Tonight Martin, Rich, and Zach are together to cover the news in a seemingly zonked-out sort of way (busy week for all of us!).  We had our ups and downs tonight but in the end we made it through.  We’d like to extend a big thanks to everyone who took our Listener Survey, we’ve heard you and are working on making some improvements to the podcast over the next several months.  Zach has also created a Facebook page for the Network Security Podcast, so watch for some interesting stuff there in the not so distant future.

Network Security Podcast, Episode 191, March 30, 2010
Time:  25:53

Show Notes:


Mar 23 2010

Network Security Podcast, Episode 190

Published under Podcast

Tonight Zach and Martin were joined by Josh Corman of the 451 Group. Rich is off on a plane somewhere and couldn’t join us tonight, so we invited Josh to spend some time talking about this week’s stories as well as his own project, the Rugged Software Manifesto. Rugged is still in its infancy, but it’s an idea based on raising awareness in the software developers outside the security community and getting them to realize that they need to anticipate that their software will be used in ways it was never intended for. Josh is starting to build some momentum for Rugged and we’ll hopefully be hearing more about it in the future. We got a little caught up on several of the stories so this episode is a bit longer than usual.

Network Security Podcast, Episode 190, March 23, 2010
Time:  45:42

Show Notes:


Mar 16 2010

Network Security Podcast, Episode 189

We’ve been hearing about the Aurora attacks on Google and a host of other companies since early January.  So why is it that NSS Labs is finding that the majority of the End Point Protection (aka AV) companies aren’t protecting against the vulnerability yet?  And why is AVG upset with NSS Labs and their testing methods? To answer these questions and many more, Rich and Martin were joined tonight by Vikram Phatak, the CTO of NSS Labs.  Vik gave us some of the back story on why they were testing AV products and some of the surprising discoveries they made.  It’s not easy being an independent testing company and sometimes you’re going to annoy people despite your best efforts.  And sometimes people are going to be annoyed with you no matter what.

One point Vik wanted to make that didn’t make it into the podcast is that the 0day that was used in the Aurora attack is not just being used against corporate targets.  It’s being used against consumers as well, so it’s important that the average home user be aware that their AV product may not be protecting them at this point.  What is part of the podcast is a discussion of how many AV vendors are trying to protect against the payload that malware is attempting to deliver, not the exploit itself.  Both are important points people need to be aware of.

Network Security Podcast, Episode 189, March 16, 2010
Time:  39:56

Show Notes:


Mar 15 2010

The Great PCI debate, with special guest appearance

Published under PCI, Video

Unluckily, the only time I was able to make it down to SF Bsides was for the Great PCI Debate, part 2. Luckily, all the rest of the presentations that went on there are available via Ustream. Of course, I still say the Great PCI debate was the most important presentation, partly because it contains a guest spot by me (and several examples of me yelling from the sidelines). There was a momentary glitch where the video stream was lost for a minute or two, which is why it’s in two separate parts. In any case, watch my friends, Jack Daniel, Josh Corman, Andy Ellis, Michele Klinger and Anton Chuvakin discuss compliance in general, not just PCI.


Mar 15 2010

Mykonos: WAF, IPS or honeypot?

Published under Firewall, Hacking, Testing

I’m not an expert on web application firewalls, which is why I’m asking for feedback on the Mykonos Security Appliance. I was given a demo of the product at the RSA Conference this year and it’s one of the few products I’ve seen lately that’s doing something new and innovative. Or more accurately, it appears to be doing something new and innovative; it’s still in beta and this is a technology that’s outside my comfort zone. If you’re someone with expertise in WAFs, it should be worth at least a short look.

In a lot of ways, Mykonos appears to be a standard WAF; it can be used to protect your site from many of the standard coding errors that a WAF is designed to deal with.  It addresses the OWASP Top 10, it has all the reporting capabilities to tell you something’s wrong; in this area it doesn’t appear to have a lot of extra punch you can’t get elsewhere.  The place it does start to have some distinguishing capabilities is in the tracking, categorizing and response to malicious attacks on your web site.

You want to know more about who’s probing your web site?  Mykonos will dynamically modify the code your site is serving to get you more information on who’s attacking.  It’ll tell you about the level of sophistication of the attacker, whether they’re just trying to manipulate a price in the shopping cart, if they’re trying a SQL injection attack or if they’re working on something at the higher end of the attack scale.  And it gives you a lot of choices about how you want to respond; simply block the user, send custom code telling them they’ve been identified and logged or act as a honeypot to get even more information about the attacker and how he’s planning on attacking your site.  The tracking and information gathering abilities seem to be pretty impressive and it may be worth looking at for that alone.

Mykonos looks like more than a plain vanilla web application firewall, and the downside to that is it requires more work from the administrator and more work from your developers to make full use of its capabilities. This also means its potential for becoming shelfware is much greater as well. But if you’re looking for more than what a standard WAF offers, it might be worth looking at this product. And once you do, I’d appreciate feedback on your impression of the product. Is Mykonos a potential new product market, a single product with greater capabilities or just a flash in the pan that won’t amount to much?


Mar 14 2010

Listener Survey for the podcast

Published under Podcast

We’re trying to get some background information about who our listeners are, where they sit in their security careers and what we can do to improve the Network Security Podcast.  We’d really appreciate it if you can take 5 minutes or less to fill out the survey and tell us how we can serve your needs better.  This is the first time we’ve done this, so the questions may not be the best phrased, but hopefully you’ll get the idea.  You can probably guess some of the reasons we’d be interested in this information.

Click here to take the Network Security Podcast survey


Mar 12 2010

Video from the first day of RSA2010

Published under PCI, Video

I’d almost forgotten that David Spark ambushed Ben Tomhave, Andrew Storms and me with a video camera on the first day of RSA last week. I think we literally hadn’t even had the time to get more than 10 steps beyond the escalator when David found us. Which is my way of saying none of us had any idea what was going on at the convention yet; we were just talking off the top of our heads. Was this really only a week and a half ago? I didn’t end up seeing a lot of tokenization at RSA, though I did get to talk to some of the key players about end to end encryption.


Mar 09 2010

The Network Security Podcast, Episode 188

Published under Blogging, Podcast

Can you hear that? That’s the sound of air escaping as we all finally recover from the RSA conference. Rich and Martin are back, and Zach… never left (but did celebrate a birthday last week). We do a quick recap of RSA and then dig into the security news… much of which had nothing to do with the conference. Weird.

Network Security Podcast, Episode 188, March 9, 2010
Time:  32:01

Show Notes:


Mar 08 2010

RSAC2010: Sourcefire

Published under IDS, Podcast

Snort was one of the first security tools I ever used. When I was working in a small computer lab years ago, I set up a Snort sensor just to see what was there. And there was a lot in that particular environment. I’ve used it many times since then and I found out at RSA that the first Sourcefire implementation I performed is still in place, basically unchanged since I left. This is why I always take the opportunity to talk to Marty Roesch at Sourcefire if I can at RSAC. This time I got a chance to talk to him about the omnipresent APT (he prefers using the term APA, coined by @nselby and others), the security existential crisis, the work Sourcefire is doing with Immunet, the Cloud and Sourcefire’s virtual appliances. All that noise you hear in the background is the Securosis Recovery Breakfast.

NSP-RSAC2010-Sourcefire.mp3


Mar 08 2010

RSAC2010: ISC2

Published under CISSP/ISC2, Podcast

I’ve been a member of the International Information Systems Security Certification Consortium [(ISC)2] for nearly a decade; I passed my CISSP test in November of 2002 and don’t have to worry much about CPEs until at least 2011. So when I was offered an opportunity to talk to Hord Tipton, Executive Director of the (ISC)2, I didn’t hesitate to take them up on the offer. We started off easy, talking about what’s new at the (ISC)2, and the Safe & Secure Online Program. Then we moved on to the harder questions, like “What have you done for me lately?” and “What are you doing about people who shouldn’t be CISSPs in the first place?” The (ISC)2 is never going to make all of us who are certified happy, and they are taking some steps to address concerns about unqualified practitioners, but it’d be nice if they were a little more public about it. Oh, and you’ll hear at the end that the (ISC)2 definitely accepts listening to podcasts for CPEs. I forgot to ask about producing them.

NSP-RSAC2010-ISC2.mp3
