Comments on TaoSecurity Blog: Ten Themes from Recent Conferences
Feed author: Richard Bejtlich (http://www.blogger.com/profile/13512184196416665417)
Feed last updated: 2023-10-16 06:06 -04:00
14 comments, newest first

Anonymous, 2009-02-10 03:48 -05:00
This comment has been removed by a blog administrator.

Anonymous, 2008-04-24 13:15 -04:00
Hey Richard!

I like the list, esp. #9. Question for you: do you feel like your #10 "Use Blue and Red Teams to measure and validate." is either distinctly different from or in opposition to MJR saying that "Penetrate and Patch" is a dumb idea?

Anonymous, 2008-04-18 13:22 -04:00
Nice list. But I think you left the most important aspect of security out: personnel. I worked in a health care facility. It was one of 20 nationwide. The IT Director could not tell you what a byte was or what RAM stood for. My co-worker, a LAN admin there for 10 years, was worried about job security. Anyone they hired to work with her had "mysterious" issues with their computer. I got tired of repairing mine, so I simply made an image and reimaged it every week or two when she purposely corrupted it. My predecessor suggested installing cameras over the computers! Like that would help. This IT Director and LAN Admin were at the top, in charge of network security. In this environment your list would be meaningless. Sad to say, but this is not isolated.

Anonymous, 2008-04-18 13:07 -04:00
"Less Totality, more Sampling. In security, something is better than nothing. Instead of worrying about determining the trustworthiness of every machine in production,"

I disagree. Most major breaches have occurred because of oversight involving one machine. The one machine you do not worry about is the one a late-night cleaning crew person or security guard will plug a keylogger into the back of or use to browse infected pornography sites.

Anonymous, 2008-03-23 15:15 -04:00
@Jim, @Km,

We whitelist at the datafile level on a per-user basis. This provides an effective solution for the endpoint device issue, as device usage is allowable only in the context of the data access request.

Anonymous, 2008-03-22 21:54 -04:00
@keydet89 - This looks like a pretty usable list to me! I think a pretty big company could pick those up and use them as guiding principles for a security strategy, don't you?

@vic - Good site... would be nice to see it expanded to include as many InfoSec events as, say, Homeland Security, etc.

Anonymous, 2008-03-21 17:47 -04:00
English, guys, English. Have mercy on us poor everyday web professionals (developers, street-level system admins, etc.) and hold a conference somewhere that ties everything in a package we can take home at the end of the week, and implement on the spot!

Vic Fichman
http://www.securityevent.net

Richard Bejtlich (https://www.blogger.com/profile/13512184196416665417), 2008-03-21 11:58 -04:00
Chris L, I have heard of some .com's looking at FDCC for the very reason you cite -- why duplicate effort?

Cee (https://www.blogger.com/profile/15820464039934352056), 2008-03-21 11:41 -04:00
Any idea whether the FDCC has begun to spill over into the private sector, or is it primarily restricted at this time to federal organizations?

On a related note, the more I learn about what the US government is doing with respect to common desktop configurations and standardizing server security, the more I feel my own organization (a manufacturing company) is really just reinventing the wheel (and not always very effectively).

Richard Bejtlich (https://www.blogger.com/profile/13512184196416665417), 2008-03-20 16:08 -04:00
Joe,

I haven't seen anything formal in this area... it is being done right now by USAF hunter-killer teams though.

Anonymous, 2008-03-20 16:06 -04:00
Richard,

Do you know of any examples of effective "System Integrity Analysis"?

Anonymous, 2008-03-20 15:16 -04:00
Whitelist the approved apps. That will go a long way -- basically the first line of defense.

H. Carvey (https://www.blogger.com/profile/08966595734678290320), 2008-03-20 06:04 -04:00
Great stuff - now we just need someplace where a Dir, InfoSec or CISO can go and translate this into something they can use.

Also, on "Less Enterprise Protection, more Enterprise Defense." I have to say, right now I'm not seeing it. Based on incidents I've responded to over the past, say, 2 yrs, my feeling on this is that you can't say that something isn't working and we have to do something else, when the first thing isn't being done right. If the boxer is too tired or clueless to raise his hands to block his face, how are you going to get him to side-step, duck and weave and use dynamic defenses?

Over the past year, I've seen more than a couple of intrusions that were the result of SQL injection attacks. The intrusions went on for some time before anyone was aware that there was someone else "in the room". When the victim was notified that the issue might be SQL injection, they had no idea where to start looking for logs.

If the boxer's basic instinct isn't going to kick in, how are you going to teach him dynamic defense?

Anonymous, 2008-03-19 22:37 -04:00
On the subject of Blacklist/Whitelist, I agree 100%. I have been saying for a while that there is more bad than good in the world, so if we are going to enumerate something, let's go with the smaller item.

There is a reason firewalls are default deny. That needs to be applied to everything.
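The SQL injection intrusions H. Carvey describes above ended with victims who had no idea where to start looking for logs. The web server access log is the first place to look, and the Python below is an added example, not part of the post or of any comment, of a first-pass triage over it. It assumes Apache/nginx "combined" log format and injection arriving in the query string; the six log lines, their IP addresses and paths are constructed for the example.

```python
"""
Added example (not from the TaoSecurity post or its comments): first-pass
triage of web server access logs for SQL injection attempts.

Assumptions: lines are in Apache/nginx "combined" format and the injection
arrives in the request target.  SAMPLE_LOG is constructed for the example;
its IP addresses and paths are hypothetical.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Leading fields of the combined log format; referer and user agent are ignored.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Indicators checked against the URL-decoded, lower-cased request target.
# Deliberately broad: this is triage, and false positives are reviewed by a human.
INDICATORS = [
    ("tautology", re.compile(r"""['"]\s*or\s+['"]?\d+['"]?\s*=\s*['"]?\d+""")),
    ("union_select", re.compile(r"union(\s+all)?\s+select\b")),
    ("comment_terminator", re.compile(r"(--|#|/\*)")),
    ("stacked_query", re.compile(r";\s*(drop|insert|update|delete|exec|xp_|waitfor)")),
    ("time_based", re.compile(r"\b(sleep|benchmark)\s*\(|waitfor\s+delay\b")),
    ("schema_probe", re.compile(r"information_schema|sysobjects|syscolumns")),
]

# Constructed sample: two ordinary clients and one client probing /products?id=.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Mar/2008:22:01:14 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Mar/2008:22:01:20 -0400] "GET /products?id=42 HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [19/Mar/2008:22:03:02 -0400] "GET /products?id=42%27%20or%201%3D1-- HTTP/1.1" 200 89321 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [19/Mar/2008:22:03:05 -0400] "GET /products?id=42%20UNION%20SELECT%20table_name,2%20FROM%20information_schema.tables-- HTTP/1.1" 500 612 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [19/Mar/2008:22:03:09 -0400] "GET /products?id=42;%20WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [19/Mar/2008:22:04:11 -0400] "GET /search?q=red+shoes HTTP/1.1" 200 4003 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded"] = unquote_plus(rec["target"])  # %27 -> ', %20 and + -> space
    return rec


def sqli_indicators(decoded_target):
    """Return the names of every indicator that matches the decoded target."""
    t = decoded_target.lower()
    return [name for name, rx in INDICATORS if rx.search(t)]


def triage(lines):
    """Return (hits, per_ip): hits is a list of
    (ip, status, decoded_target, [indicator names]); per_ip counts hits by client.
    An unusually large response size (line 3) or a 500 (line 4) next to a hit
    is the kind of detail worth pulling from the application and DB logs next."""
    hits = []
    per_ip = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        found = sqli_indicators(rec["decoded"])
        if found:
            hits.append((rec["ip"], rec["status"], rec["decoded"], found))
            per_ip[rec["ip"]] += 1
    return hits, per_ip


if __name__ == "__main__":
    hits, per_ip = triage(SAMPLE_LOG)
    for ip, status, target, found in hits:
        print(f"{ip} {status} {target!r} -> {', '.join(found)}")
    print("hits per client:", dict(per_ip))
```

Grouping hits by client is what turns three suspicious lines into one actor "in the room"; the same script, pointed at real logs, also tells you which request parameter to trace into the application and database logs.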
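On the default-deny point in the last comment (and the earlier "whitelist the approved apps"), the following Python is an added example, not from the post or any comment, contrasting a hash-based application allowlist with a hash-based blocklist. The "executable images" are constructed byte strings and the hashes are derived from them, so nothing here refers to a real binary.

```python
"""
Added example (not from the TaoSecurity post or its comments): a default-deny
application allowlist beside a default-allow blocklist, both keyed on the
SHA-256 of the executable image.  All images below are constructed stand-ins.
"""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable images (hypothetical names).
KNOWN_GOOD = {
    "word.exe": b"MZ...constructed office binary",
    "ssh.exe": b"MZ...constructed ssh client",
}
KNOWN_BAD = {"dropper.exe": b"MZ...constructed dropper v1"}
# The same dropper with a single byte changed: new hash, no new capability.
REPACKED_BAD = b"MZ...constructed dropper v2"
# A tool nobody has seen before, good or bad.
BRAND_NEW = b"MZ...constructed never-seen tool"

ALLOWLIST = {sha256(img) for img in KNOWN_GOOD.values()}
BLOCKLIST = {sha256(img) for img in KNOWN_BAD.values()}


def allowlist_decision(image: bytes, allowlist=ALLOWLIST) -> str:
    """Default deny: run only what has been explicitly approved."""
    return "ALLOW" if sha256(image) in allowlist else "DENY"


def blocklist_decision(image: bytes, blocklist=BLOCKLIST) -> str:
    """Default allow: stop only what has been explicitly catalogued as bad."""
    return "DENY" if sha256(image) in blocklist else "ALLOW"


def compare(images):
    """Return {name: (allowlist verdict, blocklist verdict)} for each image."""
    return {name: (allowlist_decision(img), blocklist_decision(img))
            for name, img in images.items()}


SAMPLES = {**KNOWN_GOOD, **KNOWN_BAD,
           "dropper_repacked.exe": REPACKED_BAD,
           "unknown.exe": BRAND_NEW}

if __name__ == "__main__":
    for name, (allow_v, block_v) in compare(SAMPLES).items():
        print(f"{name:22} allowlist={allow_v:5} blocklist={block_v}")
```

The repacked dropper and the never-seen tool are the cases that matter: the blocklist waves both through because it can only enumerate what it already knows, while the allowlist denies them without knowing anything about them. The cost is on the other side: every legitimate patch changes a hash and must be added before it will run, and an approved application with its own vulnerability is still approved.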