Showing posts from 2021

Zeek in Action Videos

This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project. Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on. I am especially pleased with Video 6 on monitoring wireless networks. It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot. Please like and subscribe, and let me know if there is a topic you think might make a good video.

New Book! The Best of TaoSecurity Blog, Volume 4

I've completed the TaoSecurity Blog book series. The new book is The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship. It's available now for Kindle, and I'm working on the print edition. I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material. In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technical or pol

The Origins of the Names TaoSecurity and the Unit Formerly Known as TAO

What are the origins of the names TaoSecurity and the unit formerly known as TAO?

Introduction

I've been reading Nicole Perlroth's new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that arose in the 2000s. I had heard through back channels that some members of that group were upset that I was operating using the name TaoSecurity. In the 2000s and early 2010s I taught classes under the TaoSecurity brand, and even ran TaoSecurity as a single-person consultancy from 2005-2007. The purpose of this post is to explain why, how, and when I chose the TaoSecurity identity, and to show that it is contemporaneous with the formal naming of the TAO group. The most reliable accounts indicate TaoSecurity predates the TAO brand.

TaoSecurity Began with Kung Fu and Taoism

With Sifu Michael Macaris, 21 June 1996

In the summer of 1994, after graduating from the Air Force Academy and

Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem

Proposition

Digital offense capabilities are currently net negative for the security ecosystem.[0] The costs of improved digital offense currently outweigh the benefits. The legitimate benefits of digital offense accrue primarily to the security one percent (#securityonepercent), and to intelligence, military, and law enforcement agencies. The derived defensive benefits depend on the nature of the defender. The entire security ecosystem bears the costs, and in some cases even those who see tangible benefit may suffer costs exceeding those benefits.

The Reason

Limitations of scaling are the reason why digital offense capabilities are currently net negative. Consider the case of an actor developing a digital offense capability, and publishing it to the general public. From the target side, limitations on scaling prevent complete mitigation or remediation of the vulnerability. The situation is much different from the offense perspective. Any actor may leverage the offense capability a