Friday, February 24, 2006

Bears Teach Network Security Monitoring Principles

Every once in a while it's good to be reminded of certain principles. In my first book I outlined three lessons I've learned while monitoring intruders. Sometimes threats in nature provide examples of these lessons.

Sguil developer Bamm Visscher pointed me to these images, which I have cropped and annotated for your network security monitoring enjoyment.

NSM Principle 1: Some intruders are smarter than you are.



NSM Principle 2: Intruders are unpredictable.



NSM Principle 3: Prevention eventually fails.



Hence, the need for monitoring, e.g., these photos!

Thank you to GeekBase for posting these -- I hope you prefer me not linking to the photos directly, thereby saving your bandwidth!

4 comments:

Keydet89 said...

Hilarious, but true! We've all seen it, and/or been subject to it ourselves. Many times, it's due to what we think we know about the infrastructure...

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

Anonymous said...

Hi. Can you change it back so that full posts are in your rss feed? Thanks.

Richard Bejtlich said...

Again, I have not changed anything with my RSS feeds. You can get them from Atom2RSS or Feedburner. Atom2RSS looks like it is giving an error now, but Feedburner is fine.
