From the looks of the screenshots, it has a sort of "wizard" feature to help users (er, administrators) create their firewall policies... one feature I noticed is a drag-and-drop re-ordering of rules. --Although, I don't exactly see the "gold" in this, I think Bob is suggesting that security needs to be more *simple* for those who don't think naturally in iptables dialect... or any other techspeak, for that matter.
On a related note, I just read a review for Omnisight, an enterprise log-file analysis framework, in the Sept. 1 InfoWorld (free sub), and was flabbergasted. They go on about the impressive performance of the system, which costs a mere $124K, but don't mention the specs of the system they run their huge queries on. The framework inserts logs into SQL, where analysis is easy (as SQL allows, at least). What bugs me is that this seems like nothing -- it requires significant development to input and analyze any given logfiles (to form the desired DB structure, then to build reports thereupon), so I don't see why it is worth so much. It does seem to offer, built in to the "framework", cluster-friendly management and reporting... but gah, the basics seem so free already, and if anyone is paying a couple developers to do this, plus 1 or 2 salaries for the framework, sheesh. Shame on them? Sounds like an easy webmin module to me!!

So the connection is that users and C-class employees tend to be *VERY* distant from the simple truths they rely on. Appropriate technology solutions should be actively closing that gap. It has a lot to do with education, of course; and given the complexity of modern-day machinery, we've got a long way to go. Consider your average analog telephone -- you can push the hang-up switch with your finger, and easily observe the fact that your handset transceiver is disconnected when it is depressed.

Now for a fun story, slightly related: While observing the network operations at Burning Man roughly a week and a half ago, there were some problems, which were somewhat mysterious (Clif might clarify, though) -- someone had some kind of virus or worm on their Windows system which somehow damaged the [debian] router's ability to maintain TCP routing; although UDP kept working fine, so the VoIP phones kept working perfectly.
It was hard to figure out, and annoying since the router apparently had to be reset often (down to every 5 minutes at the worst times) in order to keep TCP working.

I, for one, would like to see better stateful (and session-based) monitoring at the router/gateway level. Anyone have any suggestions? I know IBM has done a good amount of work on "self-healing" systems, I think I am indeed looking for something like that -- maybe even a gkrellm plugin to correlate performance anomalies. It doesn't have to be fully self-healing (if that's even possible, aside from hardware watchdogs!) but should be like snort on a higher level. Is this application waiting to be written, or is it out there?

Thanks for putting up with another lengthy post,

Ben

PS - There is going to be a couple security-type events in Portland, coming up: the ISSA Sept. meeting is "Anti-spam Solutions: Email Protection & Security", 3-5pm on Thurs, Sept 18; and the other is "How Your Business Will Change: DHS, Wireless, and Secure Software" on Sept. 25th, from 8a-12p. Original message announcements are attached...

On Tue, 9 Sep 2003 13:36:47 -0700
Cory Petkovsek <[EMAIL PROTECTED]> wrote:

| On Tue, Sep 09, 2003 at 10:02:33AM -0700, Bob Miller wrote:
| > I've long thought that the firewall rules we write are too far
| > removed from the security concepts we think about, and I'm happy to
| > see someone trying to close the gap.
|
| What do you mean? You don't think like this?
| (sufficient 2-line firewall):
|
| iptables -P INPUT DROP
| iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
| Seriously, what do you mean?
|
| Cory
|
| --
| Cory Petkovsek Adapting
| Information Adaptable IT Consulting
| Technology to your (541) 914-8417
| business
| [EMAIL PROTECTED]
| www.AdaptableIT.com
| _______________________________________________
| EuG-LUG mailing list
| [EMAIL PROTECTED]
| http://mailman.efn.org/cgi-bin/listinfo/eug-lug
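
The router-level session monitoring asked about above, as an added example that is not part of the original thread: Python that reads entries in the layout of the Linux connection-tracking table (`/proc/net/ip_conntrack` on 2.4-era kernels, the same state the quoted `-m state` rule consults) and reports hosts whose TCP flows are mostly unanswered. The sample entries, addresses and thresholds are constructed assumptions, not data from the incident described.

```python
import re
from collections import defaultdict

# protocol name/number, timeout, optional TCP state, then the original-direction tuple
ENTRY = re.compile(
    r"^(?P<proto>\w+)\s+\d+\s+\d+\s+(?:(?P<state>[A-Z_]+)\s+)?src=(?P<src>\S+)\s+"
    r"dst=(?P<dst>\S+)\s+sport=\d+\s+dport=(?P<dport>\d+)(?P<rest>.*)$")

def parse(text):
    """Yield (proto, state, src, dst, dport, unreplied) for each well-formed entry."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # skip lines that do not parse instead of aborting mid-incident
            yield (m["proto"], m["state"], m["src"], m["dst"],
                   int(m["dport"]), "[UNREPLIED]" in m["rest"])

def suspects(text, min_flows=5, min_unreplied=0.8):
    """Sources whose TCP flows are mostly unanswered (thresholds are hypothetical)."""
    flows = defaultdict(lambda: {"tcp": 0, "unreplied": 0, "dsts": set()})
    for proto, _state, src, dst, _dport, unreplied in parse(text):
        if proto != "tcp":
            continue  # UDP flows (the VoIP traffic, say) are not scored here
        s = flows[src]
        s["tcp"] += 1
        s["unreplied"] += unreplied
        s["dsts"].add(dst)
    return {src: {"tcp": s["tcp"], "unreplied": s["unreplied"], "fanout": len(s["dsts"])}
            for src, s in flows.items()
            if s["tcp"] >= min_flows and s["unreplied"] / s["tcp"] >= min_unreplied}

def _entry(proto, num, state, src, dst, dport, replied=True):
    """Build one constructed line in the conntrack layout (not captured data)."""
    st = f"{state} " if state else ""
    mid, end = ("", "[ASSURED] ") if replied else ("[UNREPLIED] ", "")
    return (f"{proto:<8} {num} 100 {st}src={src} dst={dst} sport=1025 dport={dport} "
            f"{mid}src={dst} dst={src} sport={dport} dport=1025 {end}use=1")

# Constructed table: two ordinary TCP sessions, one VoIP-style UDP flow, and one
# host with eight unanswered connection attempts to eight different addresses.
SAMPLE = "\n".join(
    [_entry("tcp", 6, "ESTABLISHED", "10.0.0.21", "192.0.2.10", 80),
     _entry("tcp", 6, "ESTABLISHED", "10.0.0.21", "192.0.2.11", 22),
     _entry("udp", 17, None, "10.0.0.30", "192.0.2.50", 5060)]
    + [_entry("tcp", 6, "SYN_SENT", "10.0.0.66", f"198.51.100.{i}", 135, replied=False)
       for i in range(1, 9)])

if __name__ == "__main__":
    print(suspects(SAMPLE))
```

On a live router the same functions would be fed the contents of the conntrack file on a timer, with the total entry count compared against the table's configured maximum.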
Sent: Friday, September 05, 2003 11:25 AM
To: ISSA-Portland-OR (E-mail); ISSA-PDX-BOARD (E-mail)
Subject: ISSA-Portland September meeting announcement

"Anti-spam Solutions: Email Protection & Security"

Date: Thursday, September 18, 2003
Time: 3:00 PM to 5:00 PM
Location: CNF - 2055 NW Savier Street, Portland

Registration
There is no cost to current ISSA members, trial members, or guests.

Agenda

Panel Members
Guest speakers from Symantec, FrontBridge, Easystreet, & Anitian will discuss techniques for managing the growing costs of spam and protecting the mission-critical service that e-mail has become in the corporate environment. Please visit our website for more information www.issa-portland.org.

3:00 - 3:20 PM  Registration and Networking.
3:20 - 3:30 PM  Call to Order, Welcome, Announcements, and General Business Items.
3:30 - 3:40 PM  Moderator Glenn Meyer: Overview of the Spam Problem
3:40 - 4:40 PM  Panel Discussion
4:40 - 4:55 PM  Q & A
4:55 - 5:00 PM  Final Announcements
5:00 PM         Adjournment
5:00 - 5:30 PM  Networking

If you have questions or need more information please contact us.

Thank you

Tim J. Sandage, ISSA-Portland President
www.issa-portland.org
Subject: September 25th Meeting Announcement - "How Your Business Will Change: DHS, Wireless, and Secure Software"

Meeting Announcement
"How Your Business Will Change: DHS, Wireless and Secure Software"

When: September 25th, 2003
From 8:00 a.m. to 12:00 p.m.

Where: Miller Hall, The World Forestry Center
4033 SW Canyon Road
Portland, OR 97221

Agenda:
8:00 a.m. - 8:45 a.m.    Coffee and Registration
8:45 a.m. - 9:00 a.m.    Welcome and Introductory Remarks
9:00 a.m. - 9:50 a.m.    "Wireless Networks - A taste of 3G"
9:50 a.m. - 10:00 a.m.   Break
10:00 a.m. - 10:50 a.m.  "How DHS Will Change Your Business"
10:50 a.m. - 11:00 a.m.  Break
11:00 a.m. - 11:50 a.m.  "Keeping Software Secure"
11:50 a.m. - 12:00 p.m.  Closing Remarks

Speakers and Topics:

Randy Walter on "Wireless Networks - A taste of 3G"

Randy Walter from Verizon will be speaking on the 3G wireless network technology. His presentation will cover the next generation of high speed networking, high speed data enabled handsets, and 3G wireless data with case studies and solutions.

Joel Summer on "How DHS Will Change Your Business"

Joel Summer joined Miller Nash LLP in 2003 as a partner in its Seattle office. Joel Summer, formerly the vice president, general counsel and corporate secretary of Univar USA Inc., the largest distributor of industrial and pest-control chemicals in the world. Prior to his tenure at Univar, Mr. Summer served as a partner at Preston Gates Ellis LLP. Joel is a graduate of the University of Illinois and the DePaul University College of Law. Mr. Summer is licensed to practice law in Washington, Oregon and Illinois.

Joel Summer will be speaking on the impact of Homeland security in the business environment. Homeland security is really an amalgam of some 40-plus different federal laws. New laws are coming out of legislative committee by the week. These laws affect plant security, identification of key assets and processes, background checks on new employees, cyber security and transportation of products and services. Joel Summer will take you on a whirlwind tour of some of these laws.

David Aucsmith on "Keeping Software Secure"

David Aucsmith is the Security Architect and Chief Technology Officer for Microsoft's Security Business Unit. He is responsible for defining the overall security architecture for Microsoft products. This includes the Windows Platform, the .NET Servers family and solutions based on these platforms. Additionally, David is responsible for government specific features in the Windows platform.

Prior to Microsoft David was the Chief Security Architect for Intel where he worked on both hardware and software security technology including random number generation, cryptography, steganography, and network intrusion detection.

David has been heavily involved in computer security and cyber-crime issues for over 20 years. He is a representative to various international, government and academic organizations. These include:

* US Industry representative to the G8 Committee on Organized, Transnational, and Technological Crime (known as the Lyon Group) - worked to provide the technical understanding necessary to combat cybercrime while preventing egregious government regulation or treaty obligations - included direct participation in Paris, Berlin, and Tokyo summits
* Co-chair of the FBI's Information Technology Study Group
* Member of Secret Service Taskforce on Computer Aided Counterfeiting
* Worked with the European Commission (DG XIII) to craft digital signature regulations - represented US industry at the European Commission Hearings on Digital Signatures
* Member of the Presidents Taskforce on National Defense and Computer Technology, a component of the Centers for Strategic and International Studies
* Keynote speaker at numerous conferences including Defending Cyberspace 2000, HTCIA 2000, 2001 2002, and 2003, Cybercrime 2002 and 2003, and the 2000 Secure Tech Conference
* Program Committee, 4th Conference on Information Hiding and Steganography, Pittsburgh, PA, 2001
* Program Committee, 2001 Network and Distributed Systems Security, San Diego, CA, 2001
* Program Committee, 1999 International Information Security Workshop, Kuala Lumpur, Malaysia
* Program Committee, 3rd Conference on Information Hiding and Stenography, Dresden, Germany, 1999
* Program Committee, 2nd AES Conference, Rome, Italy, 1999
* Chair, 2nd Conference on Information Hiding and Steganography, Portland, Oregon, 1998

Additionally, David has 27 issued US patents in the security technology field.

David Aucsmith will be speaking on keeping software secure.

* Parking Availability: Miller Hall shares the large free parking lot with the other surrounding institutions including the Oregon Zoo. You can also arrive by Tri-met's Westside MAX. The Washington Park Station is just a short walk from Miller Hall.

* Contact Information: Any questions or comments can be directed to SA Mike Ruffner at (503) 552-5466 or SA Phil R. Slinkard (503) 552-5290.