Archive for June, 2007

Integrating HPSS With Your Existing IDS/IPS

In response to a couple of emails I got from readers in regard to the post about HPSS detecting malicious activity earlier than most NIDS/NIPS, I wanted to take a moment and clarify a couple of things. First, HoneyPoint Security Server (HPSS) is not a panacea. It is one component of a network defense. MSI [...]

Unusual Metrics or How HoneyPoint Catches Attacks Faster Than NIDS

I had an interesting and odd conversation with some folks today who were trying to determine how fast NIDS would identify potential attacker traffic that was innocent-appearing. When I entered the debate, they were deep in conversation that centered around threshold settings in various IDS/IPS products and their recognition of port scanning. They seemed [...]

HoneyPoint Swag and Community Links

Please pardon the overt marketing interruption. You can now get your very own HoneyPoint Swag from Cafe Press. If you are interested in showing the world you are helping to change the way Intrusion Detection is done, please feel free to order your merchandise from here. http://www.cafepress.com/honeypoint Also, while we are overtly promoting this morning, [...]

Keeping The Security Team Engaged

After a discussion today, I wanted to post about a couple of ideas for helping managers keep their security teams engaged in the process. Burnout is a very common thing in infosec, as it is in a lot of IT – especially in organizations today, when there is so much going on and so [...]

The Value of Threat Intelligence

How much is it worth to know that a new vulnerability has been found in your organization’s favorite application or operating system? Would you pay $50,000.00 a year for alerts to new exploits or attacker trends? Does knowing that these issues exist give your organization a measurable heads up to prevent damages that you don’t [...]

Coming Soon To A State Near You – PCI As Law

We are hearing more and more rumblings these days about making PCI the default standard for infosec, and a lot more legal rumblings of making their standards enforceable as state laws. Already Minnesota has passed the standards into law and Texas seems to be next. While I see the PCI standards as a step forward [...]

LoansCandy Not So Sweet

Our HoneyPoint sensors have been picking up quite a large number of scans for open proxies lately. As usual, much of this traffic is originating in China, where open proxies are used for a number of reasons from spam to political activity to simple uncensored Internet access. Interestingly, we are seeing a pretty decent increase [...]

Final ITWorld Weekly Column

As I write this, I am sending my final weekly column over to ITWorld. After more than six years, ITWorld and I decided to make some changes to the column and site and as a part of those changes, I will be moving my writing over to the blog and focusing on it more in [...]

Trusting Users

I recently came back across a prank that was pulled some years ago against a local news station. Some college students had found out that the school and business tickers that you are probably familiar with accepted input directly from the news website. All that was required was to sign up, and put in your [...]

Social Engineering the Troops

On my way in to work this morning I heard a fairly disturbing news report about criminals using basic social engineering techniques to get family members of US military members who are deployed to Iraq and Afghanistan to divulge the servicemen and women’s personal information. Here’s how the attack played out: Criminal obtains a list [...]