Showing posts from January, 2011

Wanted: Incident Handler in Michigan

Do you know how to detect and respond to intruders in a multinational organization? Do you want to join a team with that mission? Are you an experienced information security professional who is looking for a challenge? If your answer to these three questions is yes, please consider applying for the last open Incident Handler role in GE-CIRT. In this role you will mentor intermediate and junior CIRT members and work with some of the best detection and response staff in the world. The role is located at our Advanced Manufacturing & Software Technology Center at Visteon Village, Van Buren Township, Michigan. By the end of the month, 19 of my team (about half of GE-CIRT) will be located there. (I have 2 new hires arriving within the next two weeks.) In addition to normal operations there, our extended team meets at the AMSTC facility regularly for training and planning sessions. If you would like more information on the role, apply for job 1259804 and I will revi

Seven Cool Open Source Projects for Defenders

Long-time blog readers should know that I don't rely on tools to defend my enterprise. I rely on people first, followed by tools, then processes. However, today I took a moment to consider the myriad of really cool work happening (mainly) in the open source tool community. When I started counting, I found about seven projects that are likely to help you defend your enterprise. Most of these require some commitment of brainpower and willingness to learn, but I am nevertheless very pleased to see this much innovation on the defensive side. Collectively these projects do not "solve" any problems (nor should they), but I am certain they can help address one or more problems you may encounter -- especially regarding visibility. In other words, these are the sorts of tools (with one or two exceptions) that will help you detect and respond to intruders. These are numbered for reference and not for priority. Charles Smutz recently announced his Ruminate IDS, whose goal is

More on Chinese Stealth Fighter and APT

Since my 27 December post Courtesy of APT, featuring the new Chinese stealth fighter, Aviation Week writer Bill Sweetman wrote more about the development of this aircraft and the support from APT: One question that may go unanswered for a long time concerns the degree to which cyberespionage has aided the development of the J-20. U.S. defense industry cybersecurity experts have cited 2006 (close to the date when the J-20 program would have started) as the point at which they became aware of what was later named the advanced persistent threat (APT), a campaign of cyberintrusion aimed primarily at military and defense industries and characterized by sophisticated infiltration and exfiltration techniques. Dale Meyerrose, information security vice president for the Harris Corp. and former chief information officer for the director of national intelligence, told an Aviation Week cybersecurity conference in April 2010 that the APT had been little discussed outside the classified realm, up to

Happy 8th Birthday TaoSecurity Blog

Today, 8 January 2011, is the 8th birthday of TaoSecurity Blog. I wrote my first post on 8 January 2003 while working as an incident response consultant for Foundstone. 2739 posts (averaging 342 per year) later, I am still blogging. I don't have any changes planned here. I plan to continue blogging, especially with respect to network security monitoring, incident detection and response, network forensics, threat-centric security, and FreeBSD when appropriate. I especially enjoy reading your comments and engaging in informed dialogues. Thanks for joining me these 8 years -- I hope to have a ten year post in 2013! Don't forget -- today is Elvis Presley's birthday. Coincidence? You decide. The image shows Elvis training with Ed Parker, founder of American Kenpo. As I like to tell my students, Elvis' stance is so wide it would take him a week to react to an attack. Then again, he's Elvis. I studied Kenpo in San Antonio, TX and would like to return to p

The "IT as a Business" Train Wreck

I just read this year-old article by InfoWorld's Bob Lewis titled Run IT as a business -- why that's a train wreck waiting to happen. It reminded me of comments on a CIO article I posted in 2008 as The Limits of Running IT Like a Business. Here I would like to emphasize a few of Bob's points via excerpts from the 2010 article. When IT is a business, selling to its internal customers, its principal product is software that "meets requirements." This all but ensures a less-than-optimal solution, lack of business ownership, and poor acceptance of the results... Tim Hegwood, CIO of MRI Companies, is trying to steer his company's mindset away from a focus on software delivery. "We're still struggling to institute the concept that 'there are no IT projects -- only projects designed to solve business problems,'" he reports... Larry Sadler, IT service manager at ONFC, experiences similar difficulties. "The 'customer' concept i

To Those Who Want Tim Thomas Books

I continue to be bombarded by questions from readers looking to buy the books by Timothy L Thomas, mentioned in my posts Review of Dragon Bytes Posted, Review of Decoding the Virtual Dragon Posted, and Review of The Dragon's Quantum Leap Posted. As you can see at Amazon.com, they are not available. I hope that the spotlight I'm shining on these books helps Mr Thomas either 1) reprint the books or 2) secure a different publisher who will reprint them. If you want to show your interest in buying these books, I recommend adding a Comment to each of my reviews at Amazon.com saying you want to buy the books, but can't find them. I think that is the most direct and visible way to express interest.

TaoSecurity Lab

In a recent blog comment one of you asked about TaoSecurity lab. This is a collection of my own gear -- nothing associated with my corporate employer. I decided to post the diagram at left in case someone found it useful. To summarize the color scheme: 1) blue (and the blue squiggle) means "wireless access," regardless of the nature of the device (phone, appliance, laptop, etc.); 2) green means Cisco; 3) gray means "appliance"; 4) peach (?) means server; and 5) orange means no IP address (e.g., two dumb taps). The two small purple arrows represent lines running to a sensor for monitoring purposes. As you can see, there are two main segments. The blue devices all connect via wireless to the main network. You could consider the blue devices (and the supported WAP, iTap, and gateway) to be "production." The other devices are all wired, and they are more for "research." In other words, if the Cisco 2651xm router or anything else connected to

VizSec 2011 Call for Papers Open

The call for papers for VizSec 2011 is open. VizSec 2011 will be held on the campus of Carnegie Mellon University, on 20 July. Full paper submissions are due 1 April and panel abstract submissions are due 15 April. This is the conference to attend if you're interested in graphical depiction and analysis of security data! I was pleased to provide the keynote last year, but I will not be able to attend this year.

Starting the New Year Right

Today's a company holiday (odd, but ok), so I figured what better way to start the New Year than to see if my Commodore 64 still works? I bought it in mid-1986, so it's almost 25 years old, and it's been over seven years since I posted My C-64 Rides Again. Since then the monitor I used with my C-64 died, but my dad shipped me his old RGB monitor. Would everything work? Could I access the Internet with it? The answer: YES. As you can see above, I have a C-64c, with a 1541c disk drive. I even have a 1351 mouse, but I decided not to use it. I found the Contiki OS 5 1/4 floppy that shipped with the NIC I bought for the C-64 in 2003. I was able to LOAD "*",8,1 and get Contiki OS running. At right you can see a visit to the Bejtlich.net Web site using the Contiki OS Web browser. Remember this is a 25 year old computer running a 7 year old Web browser. I'd like to try to get a copy of the newest Contiki OS on 5 1/4 floppy to see what improvements have hap