[PLUG] [off topic security]
Ronald Chmara
ron at Opus1.COM
Wed Oct 24 05:01:48 UTC 2007
On Oct 23, 2007, at 10:01 AM, Aaron Burt wrote:
> On Mon, Oct 22, 2007 at 09:47:46PM -0700, Ronald Chmara wrote:
>> On Oct 21, 2007, at 2:02 PM, drew wymore wrote:
>>> So Pluggers what do you do?
>>
>> Aw, geez... it really depends on the box, but, well, here are some of the
>> requirements for the *really* secure (and yet, publicly networked)
>> boxen I've worked on in the last few years.
> <snip impressive list of security measures>
> Wow. They *really* can't get your Lucky Charms.
<redacted> :P
> Are you at liberty to
> give some indication as to what was being protected,
In the vaguest of terms, discussing the idea: A threat detection and
mitigation system, so if a new global threat or information leak
(say, a 0-day IE bug, or a submarine's coordinates, or a reactor's
design blueprints... whatever) kind of "dangerous traffic" is found
or suspected at 11am, by midnight (or earlier) that same day, a
trusted, tested, QA'd, remedy is put in place on a *massive* scale
across some of the world's most sensitive systems (think TLA) to
detect and trace the violation.
Summarized further, a system to ensure *hardcore* network security,
in close to realtime. Not a whole lot of clients for it, but the
clients who really did need it, would pay a lot for it. Think
BEADWINDOW monitoring on ISO/OSI level 7.
> and from what sort of attacker?
The kind of attackers who would want to compromise hard drives
actually worth thousands or a million dollars each, and sometimes,
have the resources (or skill) to do so. Nations, organized crime,
political entities, red-blue teams, and, of course, bored kids.... :)
Some of my code is running live at some of the sites here, to explain
the scope of my more high-intensity work, and why I'm so focused on
running secure systems at times:
<http://securify.com/company/clientlist.html>
> Ever interfaced Nagios to your IDS? Or does that just lead to lots of
> false alarms?
Yes, and Yes.
The zen of threats is that *all* threats are real. Some are more real
than others.
-Bop