As you’ve noticed, I haven’t been posting much lately. I’ve been trying to wrap up everything here in Bermuda before our big move back to Canada. My last day at the office is on Wednesday – also the day that the movers come – and then we fly out at noon on Friday. We’re both really excited and we’re looking forward to getting back.
Now a word about security. One of the things that we have to do is cancel our services, such as power, cable, Internet, and so on. What completely amazes me is how insecure their process for doing this is. Take for example my broadband Internet connection. After giving up on calling in, as no one was picking up the phone, I decided to send an email into support asking how to go about canceling my account. Two days later I received an email stating that I could simply email in my name (ok), address (ok, that’s fine), account number (umm…alright), passport and credit card number (sure…wait….WHAT?).
I replied to the email asking why they needed my credit card number to cancel a service. The response, “It’s how we prove that you are who you say you are”. I was beside myself. I replied to the email stating that I would not send my credit card information in over the Internet as this was an insecure method of doing so. I received a response back, that same day, providing me with an alternative:
“Dear Mr. Hay,
If you are unwilling to send us the required information to cancel your account you can scan the front and back of your credit card and passport and fax it in. Alternately, you can come in and cancel your services at our storefront location.”
“Unwilling?” At this point I decided to stop trying to teach security to this support representative and politely replied back stating that I would do this in person at the storefront location. The storefront location didn’t need my passport, nor did they need my credit card, to cancel my account.
Wow.
Brian Carmen brought these to my attention and they’re absolutely brilliant. They also go quite well with my Protesting Using Computers != Cyberwar article from yesterday:
It looks as though my comments on OSSIM did not fall on deaf ears. They have, in fact, caused my comments to be lumped in with Anton Chuvakin’s and massaged into something that reads as “OSSIM is not a SIEM” and “OSSIM is too difficult for S/MB and not reliable enough for the Enterprise”. Ummm….alright. Let’s clarify a few things here:
In fact I was a big supporter of it early on but fell out of love with it when there was no visible progress over a 2 year period. I’m not blaming the developers, and I totally understand the Open Source ideals, but you can’t argue that a product is as good or better than a commercial alternative just because it is free and Open Source. To quote a Southern friend of mine – that dog won’t hunt.
No, I don’t believe it is (but am willing to be corrected). I see it as a great SIEM solution if you’re feeding it data from other Open Source products. Looking at the “collector” page, that lists the supported data sources, shows me that either the integration points are very generalized or the marketing material needs updating (for example it looks as though OSSIM can collect data from Microsoft Office and Netscape based on the logos). If I were in the market for a SIEM solution and saw the “collector” page I’d be just as confused as when I started looking.
When I install a product, I don’t want to have to jump through numerous hoops to get it up and running. Back when I tried to install OSSIM I was sent all over hell and creation to find the required packages to get it up and running. This is not user friendly. Maybe I’m lazy…maybe I’m just too busy to screw around with a product to poke and prod it into working for me. Maybe this has changed since I last tried it but I’d need some serious convincing to go back.
Sure! I’m a big proponent of all SIEM technologies and would certainly open my mind to trying it again. I would, however, want to run it alongside a couple of enterprise SIEM solutions to see how it stacks up. I wouldn’t want to just evaluate the technology but would also like to see how the paid support stacks up against enterprise SIEM support channels.
Dom, if you’re up for the challenge, let me know 🙂