Bears Teach Network Security Monitoring Principles

Every once in a while it's good to be reminded of certain principles. In my first book I outlined three lessons I've learned while monitoring intruders. Sometimes threats in nature provide examples of these lessons.

Sguil developer Bamm Visscher pointed me to these images, which I have cropped and annotated for your network security monitoring enjoyment.

NSM Principle 1: Some intruders are smarter than you are.



NSM Principle 2: Intruders are unpredictable.



NSM Principle 3: Prevention eventually fails.



Hence, the need for monitoring, e.g., these photos!

Thank you to GeekBase for posting these -- I hope you prefer me not linking to the photos directly, thereby saving your bandwidth!

Comments

Anonymous said…
Hilarious, but true! We've all seen it, and/or been subject to it ourselves. Many times, it's due to what we think we know about the infrastructure...

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
Anonymous said…
Hi. Can you change it back so that full posts are in your rss feed? Thanks.
Again, I have not changed anything with my RSS feeds. You can get them from Atom2RSS or Feedburner. Atom2RSS looks like it is giving an error now, but Feedburner is fine.