Sunday, 26 April 2009

Review of Crimeware Posted

Amazon.com just posted my four-star review of Crimeware by Markus Jakobsson and Zulfikar Ramzan. Really, I'm not kidding. After a four-month hiatus I'm posting book reviews. From the review: Crimeware is a collection of chapters collectively written by 40-odd security researchers. Sometimes this approach is a formula for disaster, but here the end result is a solid book that covers a broad number of topics. Because each author or group of authors...

Traffic Talk 5 Posted

My fifth edition of Traffic Talk, titled Network security monitoring using transaction data, has been posted. From the article: Welcome back to Traffic Talk, a regular SearchNetworkingChannel.com series for network solution providers and consultants who troubleshoot business networks. We took a break, but we're back with more articles on using network traffic to make your business more productive and secure. In this article, I discuss network security...

Saturday, 25 April 2009

LinuxFest Northwest 2009

In honor of LinuxFest Northwest 2009, which I attended at Bellingham Technical College today, I submit a BASH script to parse my firewall log. There were great speakers today. I really appreciated PNNL's Gary Smith's excellent presentation on his architecture of sensors that feed PreludeIDS. Seth Schoen delivered an excellent talk on physical security, side-channel attacks, and cold-boot attack vectors. Local consultant Derek Simkowiak delivered a comprehensive presentation on Open Source Virtual Machines.
# Checks NetGear Firewall syslog output...
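The script body is cut off in the excerpt above, so as an added example (this is not the script from the post, and the function names are mine) here is a small POSIX shell script of the same kind: it reads firewall syslog lines, counts remote-access attempts per source address, lists the destination ports each source touched, and flags sources that touched enough distinct ports to look like a scan. The log lines are constructed for the example and their message format is an assumption, not a verified NetGear format; adjust the `sed` patterns to match what your router actually emits.

```shell
#!/bin/sh
# Added example, not the original post's script.
# SAMPLE_LOG is constructed for this example; the "[LAN access from remote]"
# message layout is an assumed format, not verified NetGear output.
SAMPLE_LOG='Apr 25 10:01:02 gateway [LAN access from remote] from 203.0.113.5:44321 to 192.168.1.10:22
Apr 25 10:01:05 gateway [LAN access from remote] from 203.0.113.5:44322 to 192.168.1.10:23
Apr 25 10:01:09 gateway [LAN access from remote] from 198.51.100.7:51000 to 192.168.1.10:80
Apr 25 10:02:00 gateway [DHCP IP: (192.168.1.20)] to MAC address 00:11:22:33:44:55
Apr 25 10:02:30 gateway [LAN access from remote] from 203.0.113.5:44323 to 192.168.1.10:3389'

# count_remote_access: read syslog lines on stdin, print "count source_ip"
# for every remote-access line, most active source first.
count_remote_access() {
    grep -F '[LAN access from remote]' \
    | sed -n 's/.*from \([0-9.]*\):[0-9]* to .*/\1/p' \
    | sort | uniq -c | sort -rn \
    | awk '{print $1, $2}'
}

# top_source: the single source address with the most remote-access lines.
top_source() {
    count_remote_access | head -n 1 | awk '{print $2}'
}

# ports_for SRC_IP: distinct destination ports that SRC_IP reached for,
# numerically sorted, space separated on one line.
ports_for() {
    grep -F '[LAN access from remote]' \
    | grep -F "from $1:" \
    | sed -n 's/.* to [0-9.]*:\([0-9]*\).*/\1/p' \
    | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# scan_candidates N: source addresses that touched at least N distinct
# destination ports (a crude port-scan indicator), one per line, sorted.
scan_candidates() {
    grep -F '[LAN access from remote]' \
    | sed -n 's/.*from \([0-9.]*\):[0-9]* to [0-9.]*:\([0-9]*\).*/\1 \2/p' \
    | sort -u \
    | awk -v n="$1" '{c[$1]++} END {for (ip in c) if (c[ip] >= n) print ip}' \
    | sort
}

# Run the summary over the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_LOG" | count_remote_access
printf 'scan candidates (>=3 ports): %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | scan_candidates 3)"
```

To use it against a real file, replace the final `printf` lines with `count_remote_access < /var/log/firewall.log` (path assumed), and raise the `scan_candidates` threshold until normal traffic stops tripping it.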

Friday, 24 April 2009

TaoSecurity Blog Wins Best Non-Technical Blog at RSA

I noticed in Martin McKeay's post Security Bloggers Meetup 2009 that TaoSecurity Blog (this blog, despite where you might be reading the reposted content) won the Best Non-Technical Blog award at the RSA 2009 Security Bloggers Meetup. Thank you for the votes! I was not aware that the blog was nominated, nor did I mention the contest here. I appreciate the votes despite the posting slow-down while I was vacationing with my family and then teaching...

Thursday, 23 April 2009

4th Issue of BSD Magazine

I recently received a copy of the 4th issue of BSD Magazine. The cover focus is on PC-BSD, but there are also articles on ZFS, Django, and backups. This magazine seems to really be coming along. I would be interested to know if people are seeing it at their local book stores. A new issue of Linux+ Magazine has also been posted. Richard Bejtlich is teaching new classes in Las Vegas in 2009. Early Las Vegas registration ends 1 M...

Tuesday, 21 April 2009

Elvis Presents IDS vs NSM

When I teach Network Security Monitoring I often introduce the alternative using an image like the following. It shows what an analyst (here, Elvis) might do if the only data he had to work with was an alert from something like a traditional intrusion detection system. Compare that workflow with the possibilities provided by Network Security Monitoring: Usually when I present this concept I take the opportunity to mention that Elvis studied American...

Saturday, 18 April 2009

Speaking of Incident Response

In my last post I mentioned I will be speaking at another SANS IR event this summer. I just noticed a post on the ISC site titled Incident Response vs. Incident Handling. It states: Incident Response is all of the technical components required in order to analyze and contain an incident. Incident Handling is the logistics, communications, coordination, and planning functions needed in order to resolve an incident in a calm and efficient manner. That's...

Wednesday, 15 April 2009

Bejtlich to Keynote at SANS Forensics and Incident Response 2009

I am pleased to announce that I will return to SANS in 2009 to provide another keynote at the second SANS WhatWorks Summit in Forensics and Incident Response. I published Thoughts on 2008 SANS Forensics and IR Summit last year. Rob Lee did a great job organizing the 2008 event and I expect the 2009 event to be excellent as well. This 2-day summit will be held at The Fairmont in Washington, D.C. on 6-7 July.