On 7/2/2011 11:41 AM, Michael Lubinski wrote: > Read: > http://blog.zeltser.com/post/6479619232/protean-information-security-architecture > > Knowing this list has a significant amount of pen testers and such, what > say you? > >
I really like the emotion behind this concept, but don't like this for practical reasons. It really seems like this is a "get secure quick" gimmick such as loosing weight where patch management & log monitoring is akin to diet and exercise. I don't mind at all having fake targets on the inside of your network, but the idea of constantly reconfiguring the data structures and servers as a method to thwart pen testers is no substitute for patching, tight inbound/outbound ACLs, network monitoring and log analysis. Having some realistic target honeypot targets is a great indicator, but no guarantee that your domain controller didn't just get owned. -- Ron Gula, CEO Tenable Network Security http://www.tenable.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
