Wednesday, October 10, 2007

Be the Caveman Lawyer

A few weeks ago I recommended that security people at least Be the Caveman and perform basic adversary simulation / red teaming. Now I read Australia's top enterprises hit by laymen hackers in less than 24 hours:

A penetration test of 200 of Australia's largest enterprises has found severe network security flaws in 79 percent of those surveyed.

The tests, undertaken by University of Technology Sydney (UTS), saw 25 non-IT students breach security infrastructure and gain root or administration level access within the networks of Australia's largest companies, using hacking tools freely available on the Internet.

The students - predominately law practitioners - were given 24 hours to breach security infrastructure on each site and were able to access customer financial details, including confidential insurance information, on multiple occasions.

High-level business executives from the companies surveyed, rather than IT staff, were informed of the tests so the "day-to-day network security" of businesses could be tested.
(emphasis added)

Again, my advice is simple, but now it is modified. Be the Caveman Lawyer.

One other point from the article:

Most of the 21 percent of companies who passed the penetration tests owed their success to freeware Intrusion Detection Systems (IDSs), according to Ghosh.

Snort was mentioned earlier in the article. That means you can be a Cheap Caveman Lawyer and prepare for common threats.

9 comments:

Anonymous said...

Your modern world frightens and confuses me!

When I sighup snort with a new conf file, I wonder if the text on my monitor is the rantings of the angry demons living inside my computer. When I am installing a tap in my datacenter, I wonder if the wires under the floor are actually snakes waiting to attack and eat me. My primitive caveman mind cannot grasp these concepts!

Anonymous said...

@Richard

I believe Ajoy Ghosh has confused the GPL with the exceptionally high "cost" of the initial build and operation of Snort.

In addition to the hardware costs, which exponentially increase depending on bandwidth, the initial build of Snort requires a significant level of technical knowledge of Snort and its dependent packages, such as libpcap, MySQL, Barnyard, Sguil, etc.

Furthermore, the cost of operating Snort is exceptionally high, based on the release cycle of Snort, updating recently released rules with Oinkmaster, writing rules specific to your technical network implementation, responding to alerts, etc. This is exponentially increased with the need to repeat the same procedure for each host dedicated to Snort.

Based on the above, I would be interested if Ajoy Ghosh would publicly state that LogicaCMG would deliver Snort for "free" or reveal his hidden agenda (i.e. LogicaCMG charging "Professional Services" to build and operate Snort)?

Anonymous said...

@cmlh

I don't buy your argument. Snort is no harder to download and install (and probably takes less time and expertise to receive meaningful data from) than Nagios, Sendmail, and so on. It even has a Windows version! You are right that NSM is hard, especially to start, but you can't argue that it is valuable to practice and can be staged.

Even if hardware costs increased exponentially by bandwidth (which they don't) and scaling wasn't 100x easier now that good hardware is largely a commodity (SourceFire boxes watching fast networks are OEM Dells or IBMs), I still don't get it. Are you suggesting that closed-source commercial monitoring software takes less hardware to run than Snort? Do they have some secret alien hardware that we don't?

I am biased because I work in professional services. That said, there is nothing wrong with having a professional come in to help with an installation, provide documentation and knowledge transfer, and ensure that the client is happy. I'm pretty sure that Mr. Ghosh is not breaking any laws (or even trying to hide his agenda of making money for his employer) by charging a fee to help install widely available software, and I doubt that he is offering to put in NSM.

The bottom line is that Richard is right: this is stuff that a caveman can and should be doing, but many businesses (in the face of due diligence/due care) are not.

Unknown said...

I think Snort has a higher maintenance and people cost than a less-refined but costly IDS/IPS appliance, at least on the surface.

Often companies pay money up front for the IDS/IPS appliance, pay some money to have someone tune it, then never look at it again. Up front, that's a lot of cost, but ongoing, they don't factor much at all for maintenance or keeping a watch on it.

With Snort, you can get the license free and run it on some old hardware and not pay a consultant to tune it up the first time. That looks an awful lot like zero cost! But you need people in the organization (or just one) to not just use Snort and know Snort, but also maintain the nix box it sits on.

Hell, just having a Linux box maintained properly in many orgs is a lot to ask, as most are Windows shops employing Windows admins using Windows tools.

Do I think Snort offers more value overall? Hell yes I do. Does that mean it is an easy sell to a bunch of Windows admins who may be scared of or resistant to anything nix? Nope...

Anonymous said...

IMO Snort is considerably cheaper than a closed-source appliance solution for about 95% of companies. It's not until you start talking about huge installations of over 50+ sensors at disparate locations, like you might have in a Fortune 100 company, that Snort doesn't scale as well and as cheaply. It requires much more expertise at that level, whereas a closed-source IDS or commercial Snort package is much easier and comes with better support/manageability. Snort can in fact be deployed with zero capital cost, on unused, older hardware and on a span port. For a company with no NIDS in place and no budget, it's the best first step you can take. Some of the idiotic behavior mentioned by the other posters is moot, because they will still be idiots whether or not they are running Snort or something else. If you're not going to tune or monitor your IDS, it doesn't matter what you're running. If you're a Windows guy and you can't figure out how to set up a Snort box, you need to consider a career change.

CG said...

OK, I'm confused: since when does running Snort = a secure server or network?

"Most of the 21 percent of companies who passed the penetration tests owed their success to freeware Intrusion Detection Systems (IDSs), according to Ghosh."

You sure it wasn't:

"Organizations that couldn't be penetrated typically had Web servers were on hardened operating systems and many had done code reviews on Web pages and installed apps."

Isn't Snort still an IDS and not an IPS? How did running Snort cause them to pass a pen test?

Richard Bejtlich said...

CG,

I think we are missing some details in this article. I'm guessing that one of the parameters of the test was time to detection and response. Those who didn't pass failed to detect and respond. Those who were using Snort appeared to have detected and responded to the activity.

Snort can be operated as an IPS if put inline or if run offline in conjunction with an app like SnortSam or even alone with flexible response.
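To make the IDS-versus-IPS distinction from the exchange above concrete, here is an added example (not from this post, and not rules shipped by the Snort project) of one constructed signature written for each of the three modes Richard names. The message text, the content string and the sid values are placeholders I made up; the third rule assumes Snort was built with active-response support, since the `resp` keyword is unavailable otherwise.

```snort
# Added example rules (not from the original post or the Snort project).
# The msg, content and sid values below are constructed placeholders.

# 1. Passive IDS on a tap or SPAN port: the sensor only sees a copy of the
#    traffic, so all it can do is log the packet and raise an alert for the
#    analyst. This is the mode the article's "freeware IDS" deployments imply.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web probe (IDS, alert only)"; flow:to_server,established; content:"/example-probe"; sid:1000001; rev:1;)

# 2. Inline IPS: Snort bridges two interfaces and forwards every packet
#    itself, so the same match can use the "drop" action and the request
#    never reaches the web server. Only meaningful when Snort runs inline.
drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web probe (inline, dropped)"; flow:to_server,established; content:"/example-probe"; sid:1000002; rev:1;)

# 3. Passive sensor with flexible response: still alert, but also send TCP
#    resets to both ends (rst_all) to tear the session down. This is a race;
#    the matched packet has already been delivered, so it is weaker than mode 2.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web probe (flexresp, reset)"; flow:to_server,established; content:"/example-probe"; resp:rst_all; sid:1000003; rev:1;)
```

The same detection logic serves all three; what changes is only the action and where the sensor sits in the traffic path. Mode 1 is the one that answers CG's question: passing the test did not require blocking anything, only that someone saw the alert and responded within the test window.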

CG said...

Thanks Richard. I agree we are missing some details.

"More than half of those that passed the penetration test had freeware Intrusion Detection Systems (IDS), notably Snort; we only had two responses from security teams even though sites were down for more than an hour," Ghosh said.

Quotes like that, I think, prove your point.

Thanks for the IPS & Snort stuff.

Anonymous said...

In response to something LonerVamp said:
"Hell, just having a Linux box maintained properly in many orgs is a lot to ask, as most are Windows shops employing Windows admins using Windows tools."

This statement is rather meaningless, considering that properly maintaining a Windows box is just as difficult (or just as easy) as a Linux machine. Most "pure" Windows shops out there don't even maintain them correctly, but because the interface gives the illusion of "ease of administration" the perception is flawed.

Windows often gets slammed as having very weak security, whereas it actually can be just as secure as a Linux box (and a Linux box can be just as insecure as a Windows one) if the admin is not competent or willing to admin and/or secure it properly.