Charles Gardner’s Effective IT Blog

Over at the Matasano Chargen blog, Thomas Ptacek challenges the conventional wisdom of Defense in Depth by taking to task the comparison of InfoSec and war strategies. Analyzing the analogies we use is an excellent exercise to better refine when and where they truly apply. Defense in depth is a very useful analogy, but as with any trite saying can become diluted and useless when overused.

The best point made in Thomas’ post has to be from Eric Monti:

“It irks me when vendors talk about ‘defense in depth’,” he says, but “I generally take it as good sign when customers do.”

BINGO. The depth mindset is great for implementers, as it shows an honest assessment of the situation. When used correctly, depth shouldn’t be for depth’s sake though.

Why go deep? Generally we recognize a weakness and add another layer to help compensate for the weakness in the first layer. Followed logically, we should be shooting for as shallow a depth as possible while adding something meaningful at each layer. Also logically, we can say that the need for deep layering may represent crappy raw materials. Hence the agreement with Eric’s assertion about vendors.

So, go deep, but not one layer more than absolutely necessary. And if you find yourself getting really deep in it, maybe you need to wonder just what “it” is.

Rants

Basically these are items I’ve flagged over the last few days.  This list is so I don’t forget anything.

• Good Web Design: The Example of Splunk and the Splunk site now
• Revisited: From Zero to Expert in Your “Spare Time” from Fred Avolio’s Musings
• SecureWorld in Atlanta at the end of the month

Other

I setup a new site at www.TampaBaySec.org to handle postings about, well, TampaBaySec.  Hopefully that will grow some legs here and can be a central point of information for the meetings.

Events

I just loaded up Windows Server 2008 into a VM under VMWare Server. I’ve installed one VM as a full load of the OS, and I’m preparing to install a second VM as the “server core” load of 2008 (basically no GUI). To my surprise, it’s gone very well so far. There was only one snafu, and that was easily fixed with a trip to the Google oracle. When the VM first came up, it had no recognized network card. To get a working NIC, add the following to your .vmx file:

ethernet0.virtualDev = “e1000″

Restart the VM, and you’re off to the races.

VMWare, Windows, Windows Server 2008