Like or Dislike: 0  0

Like or Dislike: 0  0

Like or Dislike: 0  0

Like or Dislike: 0  0

Grrr – no, this one. I suck at HTML.

;>

Like or Dislike: 0  0

The post to which I attemped to link is this one.

Like or Dislike: 0  0

See this post for more commentary in this arena:

IF-MAP is somewhat interesting, but there are already existing information interchange formats in the control and management planes which aren’t being leveraged to their fullest – NetFlow, IPFIX/PSAMP, flow-spec, and even basic techniques making use of BGP such as S/RTBH and QPPB. DNS architecture is a particular sore point, as time and time again DNS ends up being the weak link in the chain, followed by a lack of deployment of even the most basic network infrastructure BCPs such as BCP84 via ACLs/uRPF/QPPB, S/RTBH, iACLs, rACLs, CoPP, et. al.

Situational awareness is an area in which huge improvements in network detection/classification/traceback are required; you can’t mitigate that which you can’t see or understand. NetFlow (and later, IPFIX/PSAMP) telemetry is key to scalable network visibility, and both statistical and behavioral NetFlow-based anomaly-detection are extremely important.

[Full disclosure; I work for a company which develops commercial NetFlow-based anomaly-detection systems. That being said, I strongly advocate starting out with open-source tools, moving to commercial tools when additional capabilities are required above and beyond what the open-source tools provide, and after gaining operational experience using open-source tools.]

Like or Dislike: 0  0

Like or Dislike: 0  0

Good stuff.

-David

Like or Dislike: 0  0

Like or Dislike: 0  0

I enjoy reading Kevin’s writings and I am impressed with his networking (human,) especially given his interactions with folks like Vivek Kundra. This is why it’s important to ensure the messaging surrounding “Cloud,” especially in the federal sector sets the appropriate expectations.

With Cyberwar this and funding that, we can and should be spending our time and money on things that have the most bang for the buck. For the most part, as it relates to security — and even in the realm of Cloud — that means those boring things Kevin described in the beginning of his article.

Cloud doesn’t change the need, just the application.

/Hoff

Like or Dislike: 0  0

I do believe that eventually you can use virtualization technology to create a silver buckshot approach to security instead of always relying on a serial silver bullet mentality but not in the manner he puts forth.

It’s possible he is simply talking about overwhelming response to an attack through a brute force means which, while I applaud in theory, is not something we can legitimately even attempt right now without huge distributed bot-net type grids of our own. That simply does not exist in most situations and in fact even were it accurate or feasible to attempt to implement now, most Government organizations are going the opposite way in an attempt to reduce the surface area of attack space. DOS, while noisy and a pain, is probably on the lower end of many folks worries right now as attack vectors go.

-David

Like or Dislike: 0  0

Like or Dislike: 0  0