Sunday, February 26, 2006

NSA going on a shopping spree..

The NY Times reports that the National Security Agency recently paid a visit to Silicon Valley, shopping for what appear to be new technologies in data mining, a topic near and dear to every liberal's heart. The application itself isn't very new -- take volumes of data, feed it into a database and start looking for correlated events. Cisco and Symantec have entered the network security appliance market with their own data mining appliances, which are hyped to take raw system logs from various entry points (firewall syslog, antivirus and IDS alerts) and weed them down into "actionable" events for understaffed security teams. And don't forget that auditors will dictate that "evidence" from your million dollar toy will keep your Fortune 500 company from failing knee-jerk, stupid laws that don't even work.

Sunday, February 19, 2006

Cisco IOS Security guide - 12.4

Quick bookmark to Cisco's Security configuration guide for IOS 12.4. Features now included: IPS, CBAC, dynamic access lists, DoS prevention and more.. Refer to earlier links if you don't have any hardware available for testing.

More attempts at defeating SP2

Here's an interesting paper on defeating SP2 security measures, specifically Data Execution Prevention and Heap Protection. Haven't dived too deep into it yet.

Saturday, February 18, 2006

Cisco Security Agent

Cisco Security Agent is probably one of the best host intrusion prevention technologies on the Windows platform. It is policy driven, resides in kernel memory monitoring API calls, and avoids some of the overhead that Symantec AV does not. It is not definition driven at all and takes security to a whole different level by actually preventing unknown/known attacks without requiring patching. Here are some case studies demonstrating its track record.

Cisco CSA Deployment Best Practices

Deployment guide

Sunday, February 12, 2006

MS v. Symantec

Now the Washington Post is reporting that the latest definition release of the MS Anti-spyware utility will flag Symantec AV files as "PWS.Bancos.A" and delete them. Good job Bill. Just as the smoke is clearing from the anti-trust suit, his "beta" software just declared jihad on Symantec. Maybe Symantec will flag critical files for Internet Explorer as Adware/Malware and delete those off (probably rightfully so). God help us with what researchers find in the new Microsoft AV services.