[PLUG] [off topic security]

Ronald Chmara ron at Opus1.COM
Wed Oct 24 05:01:48 UTC 2007


On Oct 23, 2007, at 10:01 AM, Aaron Burt wrote:
> On Mon, Oct 22, 2007 at 09:47:46PM -0700, Ronald Chmara wrote:
>> On Oct 21, 2007, at 2:02 PM, drew wymore wrote:
>>> So Pluggers what do you do?
>>
>> Aw, geez... it really depends on the box, but, well, here are some of the
>> requirements for the *really* secure (and yet, publicly networked)
>> boxen I've worked on in the last few years.
> <snip impressive list of security measures>
> Wow.  They *really* can't get your Lucky Charms.

<redacted> :P

> Are you at liberty to
> give some indication as to what was being protected,

In the vaguest of terms, discussing the idea: A threat detection and  
mitigation system, so if a new global threat or information leak  
(say, a 0-day IE bug, or a submarine's coordinates, or a reactor's  
design blueprints... whatever) kind of "dangerous traffic" is found  
or suspected at 11am, by midnight (or earlier) that same day, a  
trusted, tested, QA'd, remedy is put in place on a *massive* scale  
across some of the world's most sensitive systems (think TLA) to  
detect and trace the violation.

Summarized further, a system to ensure *hardcore* network security,  
in close to realtime. Not a whole lot of clients for it, but the  
clients who really did need it, would pay a lot for it. Think  
BEADWINDOW monitoring on ISO/OSI level 7.

> and from what sort of attacker?

The kind of attackers who would want to compromise hard drives  
actually worth thousands or a million dollars each, and sometimes,  
have the resources (or skill) to do so. Nations, organized crime,  
political entities, red-blue teams, and, of course, bored kids.... :)

Some of my code is running live at some of the sites listed here, to explain
the scope of my more high-intensity work, and why I'm so focused on
running secure systems at times:
<http://securify.com/company/clientlist.html>

> Ever interfaced Nagios to your IDS?  Or does that just lead to lots of
> false alarms?

Yes, and Yes.

The zen of threats is that *all* threats are real. Some are more real  
than others.

-Bop
