An "out-of-band network tap" -- a device that monitors network activity and produces logs that can record anomalous activity -- plus a smart system administrator who actually reads the logs and pays attention to what they say
So basically we're screwed.
yeah BYOD is such a fucking fantastic idea. FOR THE BAD GUYS.
That advice is one of those "brush your teeth after every meal" sort of things. We all know we should, most of us don't.
Admins, let's make this Read Our Logs day
well the logs are so much noise over signal most of the time. what any good IT shop should have in place are scripts that parse them for you and ticket you for the anomalies. (cause I am not gonna be reading logs for 10K boxes manually)
of course
how bout Splunk Anomaly Detection day?
I greet this information with a rather gargantuan grain of salt. Why the EFF would the head of one of the most secret and apparently effective units in the NSA be giving instructions to ANYONE other than his own folks and behind heavily secured doors? If the idea is to release information that would benefit business and techie-level users, why not have someone at NIST do it? I don't consider myself a conspiracy-minded person (it's not paranoia if you know it's true), but this seems a little too cheap and easy, and suggests to me that they've already got shit that can defeat all the "countermeasures" he discusses.*
*Gonna watch the vid later, but my initial skepticism stands.
EDITS:
**Meant "read the article" later, which I did. And, I remain skeptical. And at the end of his talk, Wired noted, with irony, that he posted a QR code up on the screen:
He ended his talk with a slide showing a huge QR code, which got a laugh. "Anybody holding up a camera?" Joyce asked. "Who's gonna [photograph] the QR code from the NSA guy?"
QR codes are one way hackers attack systems by sending their browser to a malicious web site where malware is downloaded to it. Joyce, however, said his QR code was on the up-and-up and would take visitors to a legitimate NSA web site for more information. "[T]hat is a real link," he said. "Trust me."
Trust me, ha ha ha, no really, it's all guud, right? Ha ha, trust me. JFC.
interestingly enough he just went short on Steam a few days before giving this talk.
well where I work they are paranoid. if clear case wasn't so dumb and required a userid/password as well as admin rights to run properly i would have neither.
till i came to this group even as a server admin i didn't have local admin rights on my laptop. both my normal and admin account (for server access) are smart badge+pin with the ability to get a short term random password for tools that still require it.
i am a contractor/supplier but i have to use a machine provided by who i actually do work for rather than who gives me a paycheck because i access the servers and security says no to me using another machine.
in all it works out we don't need the admin rights locally as they have spiffy tools for installing software that will elevate permissions just for the install and we can get approved short term for any other software that can't be installed that way (and is approved).
so yeah i just kinda boggle at all the BYOD hype as all it does to me is say SECURITY NIGHTMARE... but then maybe i have worked in a company that has SOX, ITAR, EAR, HIPAA, PII, issues to wrangle... and hey PII reminds me when I had access to the servers that had PII data (and we never had direct access to the data) I had the laptop scanned every 3 months, had to register the asset tag every 6 months and get a background check every 2 years.
in other fun news i get to stick with lotus notes for employer email for the immediate future because my actual employer in switching to exchange just contracted to the microsoft generic cloud service which of course i can't use because of ITAR and EAR. smart move executives. way to think things through.
So a little bit of basic common sense, and a bunch of stuff that is very standard security best practices, but that nobody actually wants to do because it's a huge pain in the ass for everyone who has to use that network.
That's actually a pretty cool idea for organizations that can afford it. As an individual, I can't see bothering with something like that unless I had a very good reason to think that the NSA had a particular interest in me, personally, which I don't.
Good to know you can post a long opinion without reading the article first...
check! now if you'll excuse me i have to go examine my logs...
Well if that's how you're going to roll, please don't post any pictures of them.
Well...if that's how you feel you definitely shouldn't visit http://www.ratemypoo.com/
The internet has some pretty crazy stuff...seriously, don't visit unless you really really want to see strangers poop. cannot be unseen.
A long opinion that, quite frankly, did not require reading anything other than Cory's writeup. Do you have a critique of what I wrote, or were you just killing time?
Yeah, my critique is "Read the f'ing article and then post."
What read the article? In full? Sorry I hung out on slashdot way too long for that to be a habit.
Allow me to give my opinion and ask my questions which are actually discussed in the piece I failed to read!
IF you read what I wrote, all of it, then it might occur to you that my comment did not require an entire examination of the Wired article, as it offered no further information regarding my initial question.
Here is a shoulder. Feel free to cry on it: