[aklug] Re: Network Set Up Project

From: Jenkinson, John P (SAIC) <John.Jenkinson@bp.com>
Date: Thu Feb 21 2008 - 00:10:08 AKST

another technique to consider:
extrusion detection or extrusion prevention.
using a network tap at the perimeter and something like snort with
custom signatures to watch for a subset of strings to include
but not limited to significant passwords, credit card numbers, account numbers
coupled with flow analysis to detect outbound port 25 to non-ISP IPs etc.
nasty stuff is created new each day and morphs and is encrypted many many ways
but the goal is to get information out. adding extrusion to intrusion
helps spot problems.
then use the netflows for forensics.
then add integrity checking tripwire or AIDE for linux type systems
regmon, filemon to windows
run a MAC (Modify Access Create) time analysis on key system files.
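The extrusion-detection idea above (watch outbound flows for SMTP to anything but the ISP relay, and watch payloads for a short list of sensitive strings), written out as an added Python example. This is not code from the thread or from snort; the flow records, the HOME_NET and ISP relay netblocks, the watchlist tokens and the sample payload are all constructed for illustration, and the card-number check is a Luhn validation standing in for a custom snort content/pcre signature.

```python
"""Extrusion detection over constructed flow records and a sample payload.

Added example, not from the AKLUG thread. Every address, netblock and
watchlist value below is constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumed local network and the ISP's mail relay range: internal hosts are
# expected to speak SMTP only to the relay (constructed values).
HOME_NET = ipaddress.ip_network("192.168.1.0/24")
ISP_SMTP_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed flow export, one flow per line: src,sport,dst,dport,proto,bytes
FLOW_LOG = """\
192.168.1.10,51234,203.0.113.25,25,tcp,4210
192.168.1.22,49152,198.51.100.7,25,tcp,180233
192.168.1.22,49153,198.51.100.8,25,tcp,177900
192.168.1.30,44321,93.184.216.34,443,tcp,9001
10.0.0.5,25,192.168.1.10,5555,tcp,100
"""

# Constructed "significant strings" a site might put in a custom signature.
WATCH_STRINGS = [b"hunter2-example", b"ACCT-0001234"]
# 13-19 digit runs with optional space/dash separators (candidate card numbers).
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    proto: str
    nbytes: int


def parse_flows(text):
    """Parse the simple CSV flow format into Flow records."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, sport, dst, dport, proto, nbytes = line.split(",")
        flows.append(Flow(ipaddress.ip_address(src), int(sport),
                          ipaddress.ip_address(dst), int(dport),
                          proto, int(nbytes)))
    return flows


def rogue_smtp_senders(flows):
    """Internal hosts sending SMTP (dst port 25) to anything but the ISP relay.

    Returns {internal_host: [non-relay destinations]}; a home box that
    suddenly talks SMTP to arbitrary addresses is the classic spam-bot tell.
    """
    hits = {}
    for f in flows:
        if f.src in HOME_NET and f.dport == 25 \
                and not any(f.dst in net for net in ISP_SMTP_NETS):
            hits.setdefault(str(f.src), []).append(str(f.dst))
    return hits


def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on plain digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def payload_alerts(payload):
    """Content checks on an outbound payload: watchlist strings and Luhn-valid PANs.

    Card numbers are reported masked (first 6, last 4) so the alert itself
    does not leak the value it detected.
    """
    alerts = []
    for s in WATCH_STRINGS:
        if s in payload:
            alerts.append(("watchlist", s.decode()))
    for m in PAN_RE.finditer(payload):
        digits = re.sub(rb"[ -]", b"", m.group()).decode()
        if luhn_ok(digits):
            alerts.append(("pan", digits[:6] + "*" * (len(digits) - 10) + digits[-4:]))
    return alerts


if __name__ == "__main__":
    print(rogue_smtp_senders(parse_flows(FLOW_LOG)))
    # Constructed outbound request body: one valid-looking card, one digit run
    # that fails Luhn, one watchlist token.
    sample = b"user=bob&card=4111 1111 1111 1111&note=1234567890123456&pw=hunter2-example"
    print(payload_alerts(sample))
```

In a real deployment the flow records come from a netflow/sflow exporter on the tap and the payload checks run inside the IDS; the point of the example is the two-sided logic, flow shape plus content, that makes the outbound direction worth watching at all.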
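The integrity-checking and MAC-time steps above (a tripwire/AIDE style baseline, then a timeline of key files by modify/access/change time), as an added Python example that is not code from the thread, from tripwire or from AIDE. It works on a temporary directory with constructed file contents rather than real system files, and the file names are placeholders for whatever a site decides are its key files.

```python
"""Baseline integrity check plus MAC-time timeline on a directory of files.

Added example, not from the AKLUG thread. Runs against a temporary
directory with constructed contents; file names are placeholders.
"""
import hashlib
import os
import tempfile
import time


def snapshot(root):
    """Record sha256, size and M/A/C times (ns) for every regular file under root."""
    base = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            base[os.path.relpath(path, root)] = {
                "sha256": digest, "size": st.st_size,
                "mtime_ns": st.st_mtime_ns, "atime_ns": st.st_atime_ns,
                "ctime_ns": st.st_ctime_ns,
            }
    return base


def compare(baseline, current):
    """AIDE-style diff of two snapshots: added, removed and content-changed files.

    A changed hash with an unchanged mtime is called out separately: mtime is
    caller-settable, so the hash is the evidence and the stale mtime is itself
    a finding.
    """
    findings = []
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None:
            findings.append((rel, "removed"))
            continue
        if new["sha256"] != old["sha256"]:
            kind = "content changed"
            if new["mtime_ns"] == old["mtime_ns"]:
                kind += " but mtime unchanged (possible timestamp manipulation)"
            findings.append((rel, kind))
    for rel in current.keys() - baseline.keys():
        findings.append((rel, "added"))
    return sorted(findings)


def mac_timeline(current, since_ns):
    """(timestamp, field, file) rows for files touched after since_ns, newest first.

    On POSIX the ctime (inode change time) is updated by the kernel and is not
    settable with utime, so it survives even when mtime has been put back.
    """
    rows = []
    for rel, meta in current.items():
        for field in ("mtime_ns", "ctime_ns"):
            if meta[field] > since_ns:
                rows.append((meta[field], field[:5], rel))
    return sorted(rows, reverse=True)


def demo():
    """Build a baseline, make three kinds of change, return (findings, timeline)."""
    with tempfile.TemporaryDirectory() as root:
        files = {"passwd": b"root:x:0:0\n", "sshd_config": b"PermitRootLogin no\n",
                 "hosts": b"127.0.0.1 localhost\n"}  # constructed contents
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        since_ns = time.time_ns()
        time.sleep(0.05)  # clear the kernel's coarse timestamp granularity

        # 1. plain edit: hash and mtime both move
        with open(os.path.join(root, "sshd_config"), "ab") as fh:
            fh.write(b"PermitRootLogin yes\n")
        # 2. edit with mtime restored to the baseline value: only hash and ctime move
        p = os.path.join(root, "hosts")
        with open(p, "ab") as fh:
            fh.write(b"10.0.0.9 update.example\n")
        os.utime(p, ns=(baseline["hosts"]["atime_ns"], baseline["hosts"]["mtime_ns"]))
        # 3. new file
        with open(os.path.join(root, "new.cron"), "wb") as fh:
            fh.write(b"* * * * * /tmp/x\n")

        current = snapshot(root)
        return compare(baseline, current), mac_timeline(current, since_ns)


if __name__ == "__main__":
    findings, timeline = demo()
    for rel, what in findings:
        print(f"{rel}: {what}")
    for ts, field, rel in timeline:
        print(f"{ts} {field} {rel}")
```

The baseline is only as good as its storage: keep it (and the checker) somewhere the monitored host cannot rewrite, which is the same reason the thread pairs host integrity checks with netflow kept off-box.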
________________________________

From: Bob Cortez [mailto:rjcortez@gmail.com]
Sent: Wednesday, February 20, 2008 6:08 PM
To: Jenkinson, John P (SAIC)
Cc: AKLUG
Subject: Re: [aklug] Re: Network Set Up Project

On Wed, Feb 20, 2008 at 8:57 AM, Jenkinson, John P (SAIC)
<John.Jenkinson@bp.com> wrote:

        security has changed
        there are still a lot of probes looking for vulnerable machines to be sure
        but
        the threat landscape now includes iframe, drive-by, xss, etc.
        the malware is java so it runs on any platform. even so remember lion?
        the goal is to get in, steal your information (quicken, tax returns,
        online bank/broker login info) without
        tipping you off. remember information gives no indication of being stolen.
        relying on one firewall may protect you. may not. defense in depth.

I've taken basic precautions like firewalls and anti-virus for each box.
No one uses IE or Outlook. I sweep the windows boxes with adaware,
spybot and search and destroy, which also provide some
"immunization" from common bugs and trojans. All attachments and
downloads are scanned prior to opening. My wireless connection is
encrypted. Where I am most uncertain is on the Ubuntu installations and
guarding against ports being compromised. Fortunately, I don't think my
little home network is going to be targeted purposely. :). I just need
to know where our network is vulnerable and work at sealing as many
holes and cracks as I can.

Bob

Received on Thu Feb 21 00:11:02 2008

This archive was generated by hypermail 2.1.8 : Thu Feb 21 2008 - 00:11:03 AKST