[aklug] Re: Network Set Up Project

From: Bob Cortez <rjcortez@gmail.com>
Date: Thu Feb 21 2008 - 13:11:10 AKST

On Thu, Feb 21, 2008 at 12:10 AM, Jenkinson, John P (SAIC) <John.Jenkinson@bp.com> wrote:
> another technique to consider:
> extrusion detection or extrusion prevention.
> using a network tap at the perimeter and something like snort with
> custom signatures to watch for a subset of strings to include
> but not limited to significant passwords, credit card numbers, account
> numbers
> coupled with flow analysis to detect outbound port 25 to non-ISP IPs etc.
> nasty stuff is created new each day and morphs and is encrypted many many
> ways
> but the goal is to get information out. adding extrusion to intrusion
> helps spot problems.
> then use the netflows for forensics.
> then add integrity checking tripwire or AIDE for linux type systems
> regmon, filemon to windows
> run a MAC (Modify Access Create) time analysis on key system files.
>

Well John, that sounds great... I think. It's waaay over my head though.
Are there any white hat hackers in the group that would like to take a shot
at compromising my network? I used the "Shields Up" on-line utility from
Gibson Research Corporation http://www.grc.com/default.htm and passed with
flying colors. The problem is, I don't know if I should trust the results,
because I don't know enough about security issues to know if it tests the
right things or what other ports I should be concerned with.

Thanks for all the input. This has been a very educational project for me.

Bob

Received on Thu Feb 21 13:11:57 2008
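
The extrusion checks John describes above (matching sensitive strings in outbound traffic, plus flagging outbound port 25 to non-ISP addresses), as an added example that is not part of the original thread. The address ranges, flow records and payloads are constructed, and the Luhn checksum step is an added assumption to cut false positives on card-number matches.

```python
import ipaddress
import re

# Assumed values, constructed for this example: the LAN and the ISP's mail relays.
INTERNAL = ipaddress.ip_network("192.168.1.0/24")
ISP_RELAYS = [ipaddress.ip_network("203.0.113.0/28")]

# Constructed flow records: (src, dst, dst_port, cleartext payload excerpt)
FLOWS = [
    ("192.168.1.10", "203.0.113.5", 25, "Subject: hello"),
    ("192.168.1.23", "198.51.100.77", 25, "Subject: report"),
    ("192.168.1.23", "198.51.100.80", 80, "card=4111 1111 1111 1111&x=1"),
    ("192.168.1.40", "198.51.100.80", 80, "order id 1234 5678 9012 3456"),
    ("198.51.100.9", "192.168.1.10", 25, "inbound mail"),
]

# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits):
    # Luhn checksum: double every second digit from the right, sum, test mod 10.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(payload):
    candidates = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(payload))
    return [c for c in candidates if luhn_ok(c)]

def check_flow(src, dst, dport, payload):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    alerts = []
    if s not in INTERNAL or d in INTERNAL:
        return alerts  # only traffic leaving the LAN is of interest here
    if dport == 25 and not any(d in net for net in ISP_RELAYS):
        alerts.append("smtp-to-non-isp")
    if find_cards(payload):
        alerts.append("card-number-in-payload")
    return alerts

def scan(flows):
    return [(f[0], f[1], a) for f in flows for a in check_flow(*f)]

if __name__ == "__main__":
    for src, dst, alert in scan(FLOWS):
        print(f"{alert}: {src} -> {dst}")
```

The content check only sees cleartext payloads, which is why the quoted message pairs it with flow analysis: the port 25 rule still fires when the payload is encrypted.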
