TampaBaySec Tonight!!
May 8th, 2008 by Charles Gardner
<Big Announcer Voice>
Thursday! Thursday! Thursday! Come down and see the monsters of Tampa Bay security as they take the field of battle!
</Big Announcer Voice>
OK, so no ‘battle’ tonight (maybe next month), but TampaBaySec will be meeting tonight at 6pm at the Westshore Starbucks in Tampa. Come and enjoy.
In case you’re not familiar with it, check out the TampaBaySec site for more details.
Defense in Depth Not So Deep?
April 22nd, 2008 by Charles Gardner
Over at the Matasano Chargen blog, Thomas Ptacek challenges the conventional wisdom of Defense in Depth by taking to task the comparison of InfoSec and war strategies. Analyzing the analogies we use is an excellent exercise to better refine when and where they truly apply. Defense in depth is a very useful analogy, but, as with any trite saying, it can become diluted and useless when overused.
The best point made in Thomas’ post has to be from Eric Monti:
“It irks me when vendors talk about ‘defense in depth’,” he says, but “I generally take it as good sign when customers do.”
BINGO. The depth mindset is great for implementers, as it shows an honest assessment of the situation. When used correctly, depth shouldn’t be for depth’s sake though.
Why go deep? Generally we recognize a weakness and add another layer to help compensate for the weakness in the first layer. Followed logically, we should be shooting for as shallow a depth as possible while adding something meaningful at each layer. Also logically, we can say that the need for deep layering may represent crappy raw materials. Hence the agreement with Eric’s assertion about vendors.
So, go deep, but not one layer more than absolutely necessary. And if you find yourself getting really deep in it, maybe you need to wonder just what “it” is.
Insecure Magazine 16
April 22nd, 2008 by Charles Gardner
Yep, Insecure Magazine 16 is already out. And here I am looking at a mostly unread issue 15 on my desktop. D’Oh!! Gotta do some reading….
Links for April 14, 2008
April 14th, 2008 by Charles Gardner
Basically these are items I’ve flagged over the last few days. This list is so I don’t forget anything.
- Good Web Design: The Example of Splunk and the Splunk site now
- Revisited: From Zero to Expert in Your “Spare Time” from Fred Avolio’s Musings
- SecureWorld in Atlanta at the end of the month
TampaBaySec.org site
April 9th, 2008 by Charles Gardner
I set up a new site at www.TampaBaySec.org to handle postings about, well, TampaBaySec. Hopefully that will grow some legs here and can be a central point of information for the meetings.
Windows Server 2008 in VMware
April 9th, 2008 by Charles Gardner
I just loaded up Windows Server 2008 into a VM under VMware Server. I’ve installed one VM as a full load of the OS, and I’m preparing to install a second VM as the “server core” load of 2008 (basically no GUI). To my surprise, it’s gone very well so far. There was only one snafu, and that was easily fixed with a trip to the Google oracle. When the VM first came up, it had no recognized network card. To get a working NIC, add the following to your .vmx file:
ethernet0.virtualDev = "e1000"
Restart the VM, and you’re off to the races.
ISC Podcast
March 27th, 2008 by Charles Gardner
The SANS Internet Storm Center has announced a podcast feed. If you don’t follow the ISC Handler’s Diary, you really should check it out. If the podcast meets the content of the Diary, it should be a winner.
Odds & Ends
March 25th, 2008 by Charles Gardner
For quite a while I’ve been keeping several items rolling forward in my blog reader, simply as reminders or bookmarks. I am dumping them here to clean out my Reblog and to ensure I don’t lose them. Some are rather old, some aren’t.
- USB Switchblade - I really want to play around with this.
- Defcon 15 videos
- Anton Chuvakin’s Age of Compliance papers
- Cisco IOS Hints and Tricks - Best of 2007 roundup
- Advendures In ParentHood - Safe Internet Surfing - Dansguardian & squid for the home
- Security Monkey’s Engagement Letter template, much goodness to be gleaned
- gotroot modsecurity Rules for Apache from Darknet
- Search IOS Documentation with Google
- Password Cracking Wordlists and Tools for Brute Forcing
- Assessment points off ISC
- Routing Protocol Redistribution
Snort Reports
March 25th, 2008 by Charles Gardner
I have been queueing up the last couple of Richard Bejtlich’s Snort Reports in my blog reader, so I decided to hunt up and notate the link for the list of Snort Reports.
Deploying Adobe Reader 8 Whitepaper
March 25th, 2008 by Charles Gardner
There is a good whitepaper over at Adobe about Deploying Adobe Reader 8 that goes into details about unpacking and deploying the Adobe Reader via automated methods, including GPO assignment.