Courses:

Offensive Countermeasures: The Art Of Active Defense: SANSFIRE June 15-16, Blackhat USA July 27-28 & 29-30


Defensive Countermeasures: Foundations for Becoming A Devious Defender: Blackhat USA July 27-28 & 29-30


Conferences:

Check out the entire PaulDotCom crew at BsidesRI June 14-15th!



Subscribe:

Blog:
Videos:
Podcast:


PaulDotCom EspaƱol


Hack Naked TV


Hack Naked At Night


Stogie Geeks


Sponsored By:


www.coresecurity.com


www.tenablesecurity.com


www.sans.org



Follow Us On:


twitter.com/pauldotcom

PaulDotCom YouTube Channel


Security and Ultra Violence

By
John Strand
on April 8, 2011 12:54 PM |

Yes, this article suggests not using a firewall. Its a bit scary, I know. The article states: "In many cases a large number of unnecessary and insecure services are running on the network, but are only hidden by a firewall." Aha, so true, something we've discussed a lot in the past. Someone tested this theory, and guess what, they are doing okay (at least as far as they know). Guess what? They used systems hardening? Guess what? They used simple and easy to manage protocols and stayed away from proprietary stuff. Configuration management is important. If you spent more time on configuration management, and borrowed time from firewall management, you'd have a more secure network. If you had a baseline system, and re-imaged systems that did not meet the baseline, you'd have a more secure network.

We have discussed this from a mental-exercise perspective on the show a number of times in the past. While we look at this as an effective mechanism for thinking about attacks and defenses, it is not something we at PaulDotCom recommend. Rather, we have another approach. Anytime someone says, "A firewall/AV/IPS will protect us," they get one free punch in the face. I know what your thinking, "We cant give punches in the face away for free!!" And, I understand. However, I think in the long run it will start to reshape the day you think about securing your applications and systems. And maybe, just maybe people will stop saying security technologies will save them.

clockw3.jpg
At the very least the violence will be satisfying
Like sweet, delicious milk..

So, here's your homework: Take a group of systems that exist on your network, figure out what they do, configure them as such, then monitor for changes. Organizations that can do this well will be "resilient to 0day attacks" and "catch the latest malware", with very little help from vendor products. Marcus Ranum tells a great story about the CSO of a major retailer. They use imaging software on all their cash registers. They know exactly what files are created and what behavior is normal. If one falls out of that, makes a random connection or creates new files or processes, its re-imaged immediately.

At the very least, you will be alerted to the change quickly... And that counts for something.. Right?

PaulDotCom and John Strand

Originally discussed during episode 238

John Strand will be teaching SANS 660 Advanced Network Penetration Testing and Metasploit for Penetration testers This April in Reston, VA April 15 - 23.