Mike,

Are you new here?

I kid, I kid.

John

On Tue, Jul 5, 2011 at 8:20 AM, Mike Patterson <[email protected]> wrote:

> On 2011/07/05 9:08 AM, Ron Gula wrote:
> > On 7/2/2011 11:41 AM, Michael Lubinski wrote:
> >> Read:
> >> http://blog.zeltser.com/post/6479619232/protean-information-security-architecture
> >>
> >> Knowing this list has a significant amount of pen testers and such, what
> >> say you?
> >>
> >
> > I really like the emotion behind this concept, but don't like this for
> > practical reasons.
> [..]
> > I don't mind at all having fake targets on the inside of your network,
> > but the idea of constantly reconfiguring the data structures and servers
> > as a method to thwart pen testers is no substitute for patching, tight
> > inbound/outbound ACLs, network monitoring and log analysis.
>
> My first thought was "it must be nice to have the kind of free time
> after doing. . ." everything you say, and more, including convincing
> sysadmins that yes, the firewall really is there to help you and yes,
> you really do need to figure out precisely how that workstation got
> popped and writing documentation and helping others to do the same and
> responding (or actively ignoring) RIAA/MPAA complaints and figuring out
> if the lack of IDS logs is because of a NIC failure, driver bug, OS bug,
> disk failure, something else, going to meetings with your co-workers or
> management... all the other stuff blue-team IT types do on a daily
> basis. Or would, if they had 48 hour days.
>
> And THEN, when you DO have that kind of time, you get to spend MORE time
> ensuring that your new honeypots don't actually become a vulnerability
> themselves. While you convince management that they're necessary, and
> try to assuage the fears of NOC monkeys, and...
>
> OK, yeah, confusing the attacker's well and good, but unless you've got
> all the other ducks in a row, you might be finding the root of all evil
> - premature optimisation. Lenny's idea is nice in theory, but in
> practise, I think it belongs near the bottom of the priority list.
>
> Mike
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>

--
John Strand
Office: (605) 550-0742
Cell: (303) 710-1171
