With my book finally into the publisher I have some time to work on the other projects I orphaned, like the Log Analysis Professionals site. As I mentioned in an earlier post, the Log Analysis Professionals site was created at the request of several members of the Log Analysis Professionals LinkedIn group to provide a common meeting place to discuss ideas, trends, and techniques regarding logging and log analysis. Through this site we will attempt to build a community of log analysis enthusiasts and professionals.This site was not created to replace existing sites that offer log collection and analysis information but rather as a virtual coffee shop to exchange ideas. I don’t want people thinking this is another flash-in-the-pan website dedicated to log analysis. This site’s main purpose is to support the LinkedIn group that bears its name.

As you can see from the posts on the site, we now have several contributors. Most recent additions include Rory Bray, Dr. Anton Chuvakin, and Harlan Carvey. We’re also looking for more contributors. Hey, this is a community of professionals after all. If you’re interested in signing on as a contributor, please email andrewsmhay/at/gmail.com and I’d be happy to provide you with an overview.

In a precedent-setting civil lawsuit, a Saskatchewan woman, who overdosed on crystal methamphetamine, has successfully won a suit against the drug dealer who sold her the highly addictive drug. From the article:

She has since developed a heart condition that leaves her constantly fatigued and limits her chances of ever having children.

In her statement of claim, Bergen said Davey knew the drug was highly addictive and the sale of the drug was “for the purpose of making money but was also for the purpose of intentionally inflicting physical and mental suffering on Sandra.”

Let’s take this crazy, and blatantly stupid, case and shift it over to the security world. Could you imagine suing your firewall vendor because the product they sold you didn’t prevent a breach from happening? What about an IDS vendor for not detecting an attack? Their legal team would flat-out laugh in your face. I know the situations are not identical but a parallel immediately came to mind. When you purchase something, anything, there is a certain expectation that the user knows what they are doing.

You buy a firewall to prevent unauthorized network access between network segments. If you don’t configure the solution correctly then unwanted traffic might still get through.

You buy an IDS to inspect for malicious or inappropriate traffic as it flows through your network. If you don’t configure the solution correctly then unwanted traffic might still get through.

You buy a NAC solution to allow access to resources only when the proper credentials are presented. If you don’t configure the solution correctly then unwanted traffic might still get through.

You buy illicit drugs to get high. If you use them you might injure yourself or die.

Security vendors are selling you a tool to perform a task – prevent or detect breaches. In the case of the methamphetamine fiasco the drug dealer was providing his customer with a tool as well – drugs. These drugs were made to perform a task – get the user high. The moral of the story is, if you buy something, make sure you know all the pros and cons of your purchase before implementing them.

I had to write about this because it made me SOOOOO ANGRY!