Friday, February 24, 2006

Bears Teach Network Security Monitoring Principles

Every once in a while it's good to be reminded of certain principles. In my first book I outlined three lessons I've learned while monitoring intruders. Sometimes threats in nature provide examples of these lessons.

Sguil developer Bamm Visscher pointed me to these images, which I have cropped and annotated for your network security monitoring enjoyment.

NSM Principle 1: Some intruders are smarter than you are.



NSM Principle 2: Intruders are unpredictable.



NSM Principle 3: Prevention eventually fails.



Hence, the need for monitoring, e.g., these photos!

Thank you to GeekBase for posting these -- I hope you prefer me not linking to the photos directly, thereby saving your bandwidth!
Posted by at
Labels: , ,

4 comments:

Keydet89 said...

Hilarious, but true! We've all seen it, and/or been subject to it ourselves. Many times, it's due to what we think we know about the infrastructure...

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

7:16 AM
Anonymous said...

Hi. Can you change it back so that full posts are in your rss feed? Thanks.

11:41 AM
Richard Bejtlich said...

Again, I have not changed anything with my RSS feeds. You can get them from Atom2RSS or Feedburner. Atom2RSS looks like it is giving an error now, but Feedburner is fine.

1:20 PM
adware said...
This comment has been removed by a blog administrator.
12:41 PM

Post a Comment

Subscribe to: Post Comments (Atom)