May Contain Blueberries

the sometimes journal of Jeremy Beker


First off, a little bit of a warning; this is not a book to be picked up lightly to get an overview of IDS systems. It is a book that requires you to have a good understanding of IDS technology as well as a very good grasp on the fundamentals of the IP, TCP, and UDP protocols. If you do not meet those conditions, I am afraid this book will do nothing but hurt your head.

Assuming you have made it this far, it is a very interesting book (although it may still make your head hurt). It is geared towards someone looking to take one of the GIAC exams on network security (a fact that is not mentioned, obviously). It uses a model of presenting the reader with events recorded on IDS systems in the wild and presenting the analysis in a consistent manner. The examples used in the book were culled from the answers given in the exams for the GIAC Intrusion Detection Professional Certification. It divides the network traces into groups from “Network Mapping” to “Exploits” to “Out of Spec Packets.”

I found the range of topics to cover the full spectrum of incidents a network security analyst will encounter. The method of presentation became slightly tedious as I worked through all of the examples, and some of the analysis seemed a little lacking in depth. I would have preferred a little more background and analysis on the traces than was often given.

But even with those criticisms, I found the book very educational. It gives a solid methodology to follow in analyzing events on your own network as well as offering examples of many common (and some not so common) network traces.


Did Peter Jackson even read the fucking book? Elves in Helm’s Deep? Ents say “screw the rest of the world” and then get tricked by a freaking hobbit into getting involved? Faramir captures Frodo and Sam and drags them to Osgiliath? Changing “Samwise the stout-hearted” to “Samwise the brave?” I think even Americans can handle the term stout-hearted.

Jesus H. Christ. It was a good movie, great cinematography, but it wasn’t The Two Towers.



Amazon emails me on a moderately regular basis trying to entice me to buy books they think I might like. They use various methods to figure out what books other people with similar buying habits as mine have bought to make these suggestions. I don’t mind all that much, especially when their algorithms give me a good chuckle.

[image: amazon_anon.png]



I would write more about this link, but I think I will instead just lie down on the floor and give up.

Researchers Say


On the heels of the Bush administration’s announcement that John Poindexter would be in charge of spying on citizens, Bush has decided to bring back another Iran Contra player, Elliott Abrams. He will be the new advisor to the president on Middle Eastern affairs. San Francisco Gate Article

Appointments like this just stun me with their audacity. Now we have two veterans of the infamous Iran Contra affair back in government service. One, John Poindexter, who was convicted of lying to Congress (a charge that was later overturned on a technicality), and another, Elliott Abrams, who pleaded guilty to withholding information from Congress (and was later pardoned by Bush Sr.).

It is almost too bad that Oliver North didn’t win his bid for Senate, they could have had a real party up in Washington.

Unfortunately, Abrams is a hard liner on the Israel-Palestine issue and will probably cause much difficulty for the State Department’s attempts to bring about a peaceful resolution of that issue. I truly fear that this appointment will just further the agenda of the Sharon government of using military force to crush the Palestinians even more than it is already doing. It will also weaken Colin Powell’s position in the administration and make him seem more like an outsider. So much for one of the few sane voices in the current administration.

I wonder how long before he becomes the next Paul O’Neill?



On this cold Saturday morning after Thanksgiving (which was quite good, thank you for asking), I was browsing the New York Times and found several articles of interest. Links and comments below.

Massachusetts to Press Microsoft Antitrust Case

Thank you, Massachusetts. Somebody came to the realization that the settlement put together by the Bush DOJ was completely worthless and would do nothing to stop the behaviours that got Microsoft into hot water in the first place. This is one of those sad, unseen consequences of the pro-business-at-all-costs mentality that entered the White House with the Republicans.

I do not know whether the argument that the ruling as it stands now will have no substantive effects on how Microsoft conducts its business will hold up with the Appeals Court, but it is nice to see at least one of the states continuing the good fight.

Mandate for the Middle

Jim Jeffords (Ind, VT) may not be a force to counter the Republican-held Senate anymore, but he is really in a unique place to voice his opinions, and I appreciate that as an independent he only really has one group he answers to, his constituents. And I admire his guts for making that move. (I am sure there were less altruistic reasons for his actions, but I prefer to not think of them.) I think that the major political parties have gotten so entrenched in their own policies and cohesiveness that the system has lost the idea of representing the best interests of the country. I think the country would be well served by more independently minded people entering government. A few loonies thrown in might really shake things up.

His op-ed talks a good bit about the kinds of issues that are being ignored in today’s political discussions but shouldn’t be. Of course they are being ignored because they are “bad news” issues that aren’t particularly sexy. It is very hard to have a great “rah! rah!” press conference on coal plant emissions. (Although maybe showing laser guided bombs dropping down the smokestack would work. I should get Ari on the phone…)

Unfortunately his piece will be read and ignored by a majority of the population (or at least a majority of the minority that actually read any kind of news these days). ::sigh:: The system depresses me.


A week ago or so, I got an email from a friend of mine. She asked me some unix questions about a system she works with. As we corresponded I realized she had a bigger problem than she initially thought. This system is “managed” by a third party company that provides the software and support for the hardware. Unfortunately that does not include security support. That kind of support is supposed to be provided by one of her coworkers. To be polite, let us say that the coworker did not do a stellar job.

So I got to go and help confirm that the machine had been hacked into. It looks from the evidence left that it was set up as a drone in a DDoS network. The intruder whacked the log files, so who knows if they have been back. Unfortunately for my friend, it will cost her company $5000 to have the system restored. And unless her coworker learns about network security real quick, the machine will probably be just as vulnerable when it is “fixed” as it is now.

Thankfully, I think I did a good enough job of explaining all the horrible things that could happen, both to their data and legally, that they will bite the bullet and get the system rebuilt. I know that there have not been any definitive legal decisions regarding a company’s liability if its systems are used as a springboard for further attacks, but I doubt they want to be a test case.

I really wish there was something I could do to help, other than provide advice. But although I am happy to provide advice for free, I can’t really offer to do the securing for free, as that is technically in her coworker’s job description. Not to mention the assumption of some level of liability for the system’s security going forward. So for now, I will remain an unpaid advisor; the least I can do for a friend.