Security
 
The malware economy is a resilient market force pushing more and more risk into the minds of CSOs, CEOs, and home users. There exists a “collective intelligence” that phishes, spams, and DDoSes our systems, and these attacks are currently viewed as part of the cost of doing business. The attack on Estonia’s government systems in 2007 may be a harbinger of the type of Information Warfare that can exist in the context of Unrestricted Warfare. To combat this collective intelligence we still take the perspective of leverage point-source strategies, e.g. firewall, NIDS, IPS. What is needed are “distributed sensing” approaches that fuse data from multiple data sources.
This section of the cave is devoted to a subsection of computer network security, and to putting together ideas that may not be totally security related. I feel that it is the system, not the crypto, that makes things secure, and that the weakest link in the system is what opens holes. With the advent of botnets and global supply chains we always need to keep focused on developing new ideas for dealing with network security.
I have used a number of tools in the past based on network flow analysis (e.g. Ourmon, nfsen, and SiLK). I have been using Prelude-IDS for some years and enjoy the idea of a hybrid intrusion detection system. For NIDS I have used both Snort and Bro, though I have more experience with Snort. I have set up a layer 2 bridge and used inline Snort to investigate how to block incoming and outgoing traffic to a system.
There are a number of OSs to research with, and I prefer FreeBSD and OpenBSD. But I do use Linux-based systems to manage collected data with databases like PostgreSQL.
There is too much data out there not to reduce and filter it. There are a number of solutions that can be used to focus on specific signatures of exploits. I currently use Prelude-IDS; it is a nice web-based GUI tool that can be used to manage IDS alerts. There exist other open source solutions that visualize data (e.g. EtherApe). I think there is a need to fuse various types of data together to make it more meaningful.
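As an added illustration of the fusion idea, not code from this site or from any of the tools named above: a small Python script that joins constructed Snort-style fast alerts with constructed flow records per source host, so that a host implicated by both the signature sensor and the flow sensor ranks above one seen by a signature alone. The alert line format, the fan-out threshold, the scoring weights and the sample addresses are all assumptions.

```python
import re
from collections import defaultdict
# Constructed Snort-style fast-alert lines (sample data, not real alerts).
ALERTS = [
    "06/12-10:15:01.000 [**] [1:2000:1] SCAN outbound probe [**] 10.0.0.5:40000 -> 203.0.113.9:445",
    "06/12-10:15:03.000 [**] [1:2001:1] POLICY IRC connection [**] 10.0.0.5:40001 -> 198.51.100.7:6667",
    "06/12-10:20:00.000 [**] [1:3000:2] WEB-MISC noisy scanner [**] 10.0.0.9:51000 -> 192.0.2.1:80",
]
# Constructed flow records (src, dst, dst_port, bytes): 10.0.0.5 fans out to
# 40 hosts on one port, 10.0.0.9 and 10.0.0.7 only talk to one web server.
FLOWS = [("10.0.0.5", "203.0.113.%d" % i, 445, 300) for i in range(1, 41)] + [
    ("10.0.0.5", "198.51.100.7", 6667, 12000),
    ("10.0.0.9", "192.0.2.1", 80, 5000),
    ("10.0.0.7", "192.0.2.1", 80, 800),
]
ALERT_RE = re.compile(r"\[(\d+:\d+:\d+)\] .+? \[\*\*\] (\S+):\d+ -> \S+:\d+")

def parse_alerts(lines):
    """Map source IP -> set of distinct Snort signature IDs seen for it."""
    sids = defaultdict(set)
    for line in lines:
        m = ALERT_RE.search(line)
        if m:
            sids[m.group(2)].add(m.group(1))
    return sids

def flow_profile(flows):
    """Map source IP -> (number of distinct destinations, bytes sent)."""
    dsts, out = defaultdict(set), defaultdict(int)
    for src, dst, _port, nbytes in flows:
        dsts[src].add(dst)
        out[src] += nbytes
    return {s: (len(dsts[s]), out[s]) for s in dsts}

def fuse(alert_lines, flows, fanout_threshold=20):
    """Score hosts on evidence from both sensors: one point per distinct
    signature, plus two when flow fan-out corroborates a scanning pattern."""
    sids, prof = parse_alerts(alert_lines), flow_profile(flows)
    scores = {}
    for host in set(sids) | set(prof):
        score = len(sids.get(host, ()))
        if prof.get(host, (0, 0))[0] >= fanout_threshold:
            score += 2
        if score:
            scores[host] = score
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for host, score in fuse(ALERTS, FLOWS):
        print(host, score)  # 10.0.0.5 4, then 10.0.0.9 1
```

The host with no alerts and no fan-out (10.0.0.7) drops out entirely, which is the reduction step the paragraph asks for; in a real deployment the flow side would come from a collector such as SiLK rather than an inline list.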
Copyright © Owen McCusker 1997-2008