Monday, August 21, 2006

USENIX Conference Summaries

I've never been happy with any network security visualization tools, but I was pleased to learn of recent work in this area through the latest USENIX publications.

The Security Incident Fusion Tools (SIFT) Research Project at the National Center for Advanced Secure Systems Research (NCASSR) at the University of Illinois at Urbana-Champaign (UIUC) looks interesting. USENIX also mentioned Netpy and Netviewer. (Note: updated after helpful blog comment -- thanks Chris.)

It sounds like Tom Limoncelli and I agree about security professionalization and engineers of record:

Tom then asked, "Are best practices the solution?" He made an analogy between electricians versus electrical engineers: a construction project stops rather than do something "not up to code." He claimed that what's missing from this analogy in IT is an inspector who signs off on a project.

I liked seeing more references to the outside world in Brent Chapman's talk about Incident Command for IT.

I also heard of alternatives to Cfengine, namely Bcfg2 and Puppet.

Finally, I enjoyed learning from descriptions of a talk by Akamai's personnel:

The focus of this paper is not on CDN but on Akamai's experience in its seven-year experiment: in particular, keeping its distributed system running using Recovery Oriented Computing [ROC].

In a single day, it is not unusual to lose servers, racks of servers, and even several data centers. The base assumption is that there will be a significant and constantly changing number of component or other failures occurring at all times in the network.

The development philosophy is that their software must continue to work seamlessly despite numerous failures.


ROC sounds like acceptance that failure is inevitable, so plan for it.

4 comments:

Chris Harrington said...

You can get NetViewer source with a video here:
http://dropzone.tamu.edu/~skim/netviewer.html

You'll need MATLAB as well.

--Chris

Chris Walsh said...

If Limoncelli agrees with you about systems admin, your thinking is very likely to be correct.

If you haven't read his and Christine Hogan's book, (fat chance, but hey), you should. I literally could not put it down. In several hundred pages I found maybe two things I disagreed with.

Richard Bejtlich said...

Agreed.

Richard Bejtlich said...

http://www.taosecurity.com/ics.pdf