If security is of the utmost concern then in my opinion the best solution to the problem should be applied – end of story.  However, with overworked staff and a lack of multi-vendor skills it is easy to see why companies choose Cisco with the similar looking administration GUI’s, CLI’s and the ability to expand appliance capability by using software modules. 

I believe that Cisco are making huge strides in the security market and feel that that although some products may not offer the same performance as others in a certain environment, their products for the most part integrate well into organisations with less administrative overhead if the customer is already a Cisco customer.  I’m trying to stay neutral here and not show a preference either way but I will say that I think Cisco’s layered approach to security is very good.  It is because they have such a wide range of products that slot together well that customers are keen to choose Cisco, in my opinion.  UTM solutions are good for the SMB market but offer little in way of tiered defence.  That said, if I was recommending an appliance for a customer who specified strong security was the priority then performance has to be the deciding factor regardless of vendor.

Anyway, here’s the article -> http://www.networkworld.com/news/2008/111708-cisco-sec.html

Stay tuned..

Have a look here -> http://www.doxpara.com/?p=1185

I’m not sure what I’ll focus on now, I’ve got to keep my skills sharp and my certifications current because I’m self employed and the industry can be a bit fickle I suppose – make no mistake, hands on experience is what counts.  Whatever it is I intend to do something fun alongside it.  I really fancy doing Remote Exploits Offensive Security course although I may warm up with the BackTrack WiFu course first – the Remote Exploit team are superb -> http://www.remote-exploit.org/

It’s been a few months since I’ve done any meaty Checkpoint stuff so I may just recertify my CCSA in NGX at the same time.  Decisions decisions!  For now I’m just happy that this ones out of the way!

Ian

In doing so, Dan dared to became the subject of criticism from his peers.  Their mindset was that exploits should be released and be public knowledge so that fixes can be deployed and the theory reviewed by other security professionals.  Dan himself admits that he was wrong in not seeking peer review before going public; he instead chose to go public about the flaw that he identified before all systems were fully patched and announce that a fix was being deployed.  He admitted he was wrong but I can’t help but think he wasn’t – although I must credit him for falling on his own sword after the scorn of fellow security professionals.  He didn’t release the flaw to any of his online peers because he was concerned that it would be released early before all DNS servers could be patched – which is exactly what happened.

After receiving this criticism he instead opted to seek out the opinions of two other prominent security professionals.  One being Dino Dai Zovi and the other Thomas Ptacek, a security expert and Principal over at Matasano Security.  Both validated Dans claims – he was right, the DNS vulnerability is real.  Dan was due to speak at Black Hat in Las Vegas where he would release details of the vulnerability as sufficient time would have passed to allow the patching of vulnerable servers.  However, before he had the chance, someone beat him to the punch.

Halvar Flake, otherwise know as Thomas Dullien, CEO and Head of Research over at Zynamics, decided to post his own hypothesis on what the vulnerability was.  It turned out that he was almost bang on with his theory but this was then corroborated when a post by a researcher at Matasano Security corrected some of the details Halvar Flake had posted – swiftly hitting the nail on the head of any secrecy left out there about the vulnerability.  As soon as Matasano realised the blog post had been published early they removed it and a letter of apology was published from Thomas Ptacek.  He explained that the post was not supposed to have been published, apologised for the leak and praised Dan for his work in finding the exploit.

As it stands, the patches are being applied but Dan suggests that for now you use OpenDNS for your DNS services, they are expecting your traffic and their DNS servers are safe to use.

Who says IT is boring?

Ian

Welcome to my new blog, SYN-ACK.  I intend to use this as a means of sharing knowledge, building knowledge and networking with my fellow IT security peers.  Topics of discussion will be wide and varied ranging from my current projects, little white papers on security related topics and updates on my own career path.

Please feel free to comment on any posts and while I expect debate and conflicting views, please keep all discussions constructive and pleasant.

I’ve also imported the few posts from my previous blog that I started a few months ago.

Thanks for looking!

Ian