That's exactly what I thought, something to think about on the way to work... right next to the gamification of IT, right? Lolz.
On Tue, Jul 5, 2011 at 11:49 AM, Butturini, Russell <[email protected]> wrote:
> The article isn’t without its merit for interesting and creative ideas, but in larger environments where SOX, defined outage windows, and change control are king, this would never fly. And agreed, this would be neat if you had a security team with time to do these kinds of things, but there’s no way you could squeeze in comprehensive analysis of your “fake” targets in a normal day.
>
> Let’s give him credit, it’s food for thought though :)
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Michael Lubinski
> *Sent:* Tuesday, July 05, 2011 10:53 AM
> *To:* PaulDotCom Security Weekly Mailing List
> *Subject:* Re: [Pauldotcom] What say you!?
>
> The response predicted was the response received, I now know I'm not off my rocker at least.
>
> On Tue, Jul 5, 2011 at 10:05 AM, John Strand <[email protected]> wrote:
>
> lol
>
> On Tue, Jul 5, 2011 at 8:58 AM, Mike Patterson <[email protected]> wrote:
>
> HOW IS SEKURE NETWORK FORMD
>
> >:\
>
> On 2011/07/05 10:31 AM, John Strand wrote:
> > Mike,
> >
> > Are you new here?
> >
> > I kid, I kid.
> >
> > John
> >
> > On Tue, Jul 5, 2011 at 8:20 AM, Mike Patterson <[email protected]> wrote:
> >
> >> On 2011/07/05 9:08 AM, Ron Gula wrote:
> >>> On 7/2/2011 11:41 AM, Michael Lubinski wrote:
> >>>> Read:
> >>>>
> >>>> http://blog.zeltser.com/post/6479619232/protean-information-security-architecture
> >>>>
> >>>> Knowing this list has a significant amount of pen testers and such, what say you?
> >>>>
> >>>
> >>> I really like the emotion behind this concept, but don't like this for practical reasons.
> >> [..]
> >>> I don't mind at all having fake targets on the inside of your network, but the idea of constantly reconfiguring the data structures and servers as a method to thwart pen testers is no substitute for patching, tight inbound/outbound ACLs, network monitoring and log analysis.
> >>
> >> My first thought was "it must be nice to have the kind of free time after doing. . ." everything you say, and more, including convincing sysadmins that yes, the firewall really is there to help you and yes, you really do need to figure out precisely how that workstation got popped and writing documentation and helping others to do the same and responding (or actively ignoring) RIAA/MPAA complaints and figuring out if the lack of IDS logs is because of a NIC failure, driver bug, OS bug, disk failure, something else, going to meetings with your co-workers or management... all the other stuff blue-team IT types do on a daily basis. Or would, if they had 48 hour days.
> >>
> >> And THEN, when you DO have that kind of time, you get to spend MORE time ensuring that your new honeypots don't actually become a vulnerability themselves. While you convince management that they're necessary, and try to assuage the fears of NOC monkeys, and...
> >>
> >> OK, yeah, confusing the attacker's well and good, but unless you've got all the other ducks in a row, you might be finding the root of all evil - premature optimisation. Lenny's idea is nice in theory, but in practice, I think it belongs near the bottom of the priority list.
> >>
> >> Mike
> >> _______________________________________________
> >> Pauldotcom mailing list
> >> [email protected]
> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >> Main Web Site: http://pauldotcom.com
>
> --
> John Strand
> Office: (605) 550-0742
> Cell: (303) 710-1171
