Well, I’ve alluded to it over the past couple of months and everything is now final. I will be co-authoring the Syngress book “OSSEC Host-based Intrusion Detection” with Daniel Cid and Rory Bray. Look for it in stores in February 2008 and buy as many copies as you can 🙂
About the book:
Since its launch in October of 2003, OSSEC has gained momentum to the tune of 10,000 downloads per month from every part of the globe. Commercial host-based intrusion detection solutions range from $60 to as high as thousands of dollars. As there is no free host-based intrusion detection solution that can match the functionality, scalability, and ease of use of OSSEC, it stands in a class by itself.
This book is the definitive guide on the OSSEC Host-based Intrusion Detection system. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outline the various features and functions of the OSSEC product. This has left very important and powerful features of the product undocumented…until now! This book will show you how to install and configure OSSEC on the operating system of your choosing and provide detailed examples to help you prevent and mitigate attacks on your systems.
Included with the book is a DVD containing the latest OSSEC software for Windows and Linux/Unix, a pre-configured VMware image with OSSEC already installed, and a step-by-step video detailing how to get OSSEC up and running on your own system.
When I’m out speaking in public I’m representing the company I work for, so I have to, as my grandmother used to say, “mind my tongue”. It has always been an unwritten rule that you don’t discuss business with competitors, but what about chatting about the industry (e.g. trends, acquisitions, issues, etc.) with said competitors?
On more than one occasion I’ve had great conversations with Dr. Anton Chuvakin of LogLogic and Ron Gula of Tenable Network Security. We’re fully aware of the organizations we work for, and we’re all very proud of our respective products, but we’re still able to talk casually (and sometimes bluntly) about the industry, its challenges, and its pitfalls.
I believe we get along for a few reasons…we all have similar interests, we all have a great sense of humor, and (I think) we’re genuinely nice people 🙂
Let me give you a few examples…
Earlier this week, Anton and I discussed what percentage of a certain product’s users actually use the product when it is thrown in for free (a certain company has been known to do this as a value-add to a large customer purchase of its switches and routers, to ‘manage’ their newly purchased infrastructure). The jury is still out on this number, as we both feel it sits on the shelf most of the time 🙂
A few weeks back I needed assistance finding someone to talk to in product management at a particular company. I hesitated asking Ron if he knew anyone there, but he quickly offered to make the introductions.
I recently asked Anton’s opinion on how many slides he would recommend for a 30 minute technical presentation. The answer, in case you’re wondering, was between 15 and 20 depending on content. Anton then told me, jokingly, that he was off to work on competitive slides detailing why my company’s solution sucked. I reminded him to include sections on how great his syslog server solution was (inside joke). We both had a good laugh on that one.
A few months back I was talking with Ron and he mentioned how he was looking for someone in California to join Tenable as a trainer. I happened to know an excellent resource in the area and had no second thoughts about sending the resume along with my endorsement. It didn’t work out but if he asked me again I’d be happy to recommend some additional resources that might fit an open requirement.
I guess, at the end of the day, we’re just a couple of like-minded guys trying to help each other out. Granted, the only thing I’ve given Anton is a hard time, but you never know…someday, and that day may never come, my colleagues may call upon me to do a service for them. And you know what…I’d be happy to do it!
Alright…things are calming down again. Expect to see more regular posts 🙂
Here is the list:
ArcSight files for $74.8 mln IPO – Very interesting. Hopefully this IPO fares better than the Sourcefire one.
Morgan Stanley & Co Inc, Lehman Brothers Inc, Wachovia Capital Markets LLC and RBC Capital Markets Corp are underwriting the IPO, the company told the U.S. Securities and Exchange Commission in a preliminary prospectus.
Information Security Consultancy – Market Analysis Summary – If you’re struggling to get your consultancy rolling or are considering starting one then this is a must read.
According to the business plan that I am following, a Market Analysis Summary is performed by analyzing Market Segmentation, Target Market Segment Strategy, and Service Business Analysis. If I am reading into this correctly the basic gist of a Market Analysis Summary is to help determine who the business will target, what services they will provide to these targets, and identify who are the competitors that will be offering similar services to the targets. In an effort to determine if I am correct, and to provide more information online, the following is what I have written to satisfy the Market Segmentation and Target Market Segment Strategy. I am hoping that people will comment and let me know if I have forgotten something, misinterpreted something, wandered off the path, or completely misunderstood the goal.
Searching for evil: Recommended video – Agreed, very interesting video. Check it out.
Professor Ross Anderson gives an excellent video on malware, phishing and spam, called “Searching for Evil”. Highly recommended viewing.
CIS Releases Virtual Machine Security Guidelines – I haven’t read this yet but these guidelines are long overdue.
The Center for Internet Security has released their v1.0 guidelines for generic virtual machine security. I will say that this is a basic, concise and generally helpful overview to practical things one might consider when deploying, configuring and beginning to secure a virtual machine.
Being a CISSP – I still hold this certification in very high regard and plan on getting it for most of the reasons that Andy outlines in his article. It’s a personal goal for me and I won’t be happy until I achieve it. Santa has the Iron Man…I have the CISSP exam. The only difference is that I can eat all the pizza I want while working towards my goal 🙂
The CISSP is not the cert for everyone. It depends on what your career goals are and where your interests in security are. It may be the best thing that you do for your career or it could be just another bunch of letters after your name. I think a lot of its value depends on you and how you use it.
OSCP (Offensive Security Certified Professional) Training and Challenge – This was an excellent account of the OSCP offering. I’ve often contemplated signing up for this, as I would be curious to see how it would help the people who ask me for career advice in regards to security certifications. I’ll put it on my list of things to do.
I’m writing this post, as I really feel that this course needs to get more publicity. Over the last few years I have done countless security courses and exams from some of the top players in this market, and nothing has come close to the OSCP training.
Interesting Forensics and Logging Presentations from DFRWS – Download them and read them when you get a chance. It never hurts to have reading material handy when you’re stuck at an airport 🙂
Some fun reading material here: DFRWS 2007 presos and papers. A few fun pieces on logs too, specifically
* Introducing the Microsoft Vista Log File Format. Andreas Schuster. (paper)
* Automated Windows Event Log Forensics. Rich Murphey. (paper)
* Analyzing Multiple Logs for Forensic Evidence. Ali Reza Arasteh, Mourad Debbabi, Assaad Sakha, and Mohamed Saleh. (paper)
And now for a few eye-bleeders:
File On Purdue Web Page Contains Student Information
Purdue University is alerting 111 students about a file found on the Internet containing student information. The file, stored on an unused but still available web page, contained student names and Social Security numbers. This incident affects students enrolled in the Fall 2004 Animal Sciences 101 class at the university. Purdue has since removed the web page and notified the 111 students affected by the incident. In addition, Purdue has set up a hotline – 866-275-1181 – for any student that did not receive a letter but believes they might be affected by the incident. More information on this incident can be found at www.purdue.edu/news/coa0709.html.
Another Laptop Containing Student Information Stolen
De Anza College is warning a number of students that the recent theft of a De Anza laptop might place them at risk for identity theft. The laptop, stolen from the home of a math professor, contained information on 4,375 students, including names and some Social Security numbers. According to De Anza officials, both the laptop and the student information are password-protected, but there is no information on the type of password protection or whether encryption was used as well. De Anza officials have sent letters and e-mails to all affected students, but fear that the college’s contact information may be out of date. De Anza urges any student that took a mathematics class between 1991 and 2003, as well as between 2005 and the present, to e-mail Kathleen Moberg, Dean of Admissions and Records, or call (408) 864-8292 to determine if they are affected by this theft.
Yahoo Search Returns Spreadsheet Containing USC Student Grades and SSNs
Aaron Titus of SSNBreach.org made a startling discovery over the weekend when a Yahoo search returned a spreadsheet containing the names, Social Security numbers, assignment scores, test scores, course grades and indications of academic misconduct of 3,199 University of South Carolina students. The spreadsheet was found on USC’s Biological Sciences Department web site. Titus notified the university and the FBI on the same day the file was discovered, and USC immediately began removing the information. However, according to Titus, the information still remained in major search engine indexes. In an odd turn, it seems that USC has yet to inform the students affected by this incident. According to second-year chemistry student Elyse Coolidge, “I feel disappointed [over the lack of notification]. If the university knows they made a mistake, they should at least have the integrity to tell me.”
Hopkins Waits Five Weeks To Disclose Data Theft
Johns Hopkins University waited five weeks before notifying patients and their families about the theft of a desktop computer containing patient information. The computer, taken from an “administrative area” of Johns Hopkins on July 15, contained patient names, Social Security numbers, dates of birth, medical history and other personal information. According to University officials, the computer was secured to the desk by a steel cable and it was password-protected. However, the computer did not contain encryption software to protect the data, nor was the data itself password-protected. According to Gary Stephenson, Hopkins spokesperson, police were notified about the breach two weeks after the computer went missing, but the university delayed notification due to fears that public notice “might sabotage the efforts” to recover the computer. Johns Hopkins is offering to pay for a year of credit monitoring services for affected patients.