The response predicted was the response received, I now know I'm not off my rocker at least.
On Tue, Jul 5, 2011 at 10:05 AM, John Strand <[email protected]> wrote: > lol > > > On Tue, Jul 5, 2011 at 8:58 AM, Mike Patterson <[email protected]> wrote: > >> HOW IS SEKURE NETWORK FORMD >> >> >:\ >> >> On 2011/07/05 10:31 AM, John Strand wrote: >> > Mike, >> > >> > Are you new here? >> > >> > I kid, I kid. >> > >> > John >> > >> > On Tue, Jul 5, 2011 at 8:20 AM, Mike Patterson <[email protected]> >> wrote: >> > >> >> On 2011/07/05 9:08 AM, Ron Gula wrote: >> >>> On 7/2/2011 11:41 AM, Michael Lubinski wrote: >> >>>> Read: >> >>>> >> >> >> http://blog.zeltser.com/post/6479619232/protean-information-security-architecture >> >>>> >> >>>> Knowing this list has a significant amount of pen testers and such, >> what >> >>>> say you? >> >>>> >> >>>> >> >>> >> >>> I really like the emotion behind this concept, but don't like this for >> >>> practical reasons. >> >> [..] >> >>> I don't mind at all having fake targets on the inside of your network, >> >>> but the idea of constantly reconfiguring the data structures and >> servers >> >>> as a method to thwart pen testers is no substitute for patching, tight >> >>> inbound/outbound ACLs, network monitoring and log analysis. >> >> >> >> My first thought was "it must be nice to have the kind of free time >> >> after doing. . ." everything you say, and more, including convincing >> >> sysadmins that yes, the firewall really is there to help you and yes, >> >> you really do need to figure out precisely how that workstation got >> >> popped and writing documentation and helping others to do the same and >> >> responding (or actively ignoring) RIAA/MPAA complaints and figuring out >> >> if the lack of IDS logs is because of a NIC failure, driver bug, OS >> bug, >> >> disk failure, something else, going to meetings with your co-workers or >> >> management... all the other stuff blue-team IT types do on a daily >> >> basis. Or would, if they had 48 hour days. >> >> >> >> And THEN, when you DO have that kind of time, you get to spend MORE >> time >> >> ensuring that your new honeypots don't actually become a vulnerability >> >> themselves. While you convince management that they're necessary, and >> >> try to assuage the fears of NOC monkeys, and... >> >> >> >> OK, yeah, confusing the attacker's well and good, but unless you've got >> >> all the other ducks in a row, you might be finding the root of all evil >> >> - premature optimisation. Lenny's idea is nice in theory, but in >> >> practise, I think it belongs near the bottom of the priority list. >> >> >> >> Mike >> >> _______________________________________________ >> >> Pauldotcom mailing list >> >> [email protected] >> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> >> Main Web Site: http://pauldotcom.com >> >> >> > >> > >> > >> > >> > >> > _______________________________________________ >> > Pauldotcom mailing list >> > [email protected] >> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> > Main Web Site: http://pauldotcom.com >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > > -- > John Strand > Office: (605) 550-0742 > Cell: (303) 710-1171 > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
