Comments for BreachBytes http://www.breachbytes.com Network Forensics | Network Monitoring | Incident Response Fri, 04 Jul 2008 13:42:04 +0000 http://wordpress.org/?v=2.5.1 Comment on Virtual Security Roundup by Stephen Smoogen http://www.breachbytes.com/2008/04/08/virtual-security-roundup/#comment-473 Stephen Smoogen Tue, 08 Apr 2008 15:20:50 +0000 http://www.breachbytes.com/2008/04/08/virtual-security-roundup/#comment-473 For Xen and other linux VM's it should be possible to create virtual taps comparability easy. The Vmware systems would be a lot harder to deal with. The next question would be where to analyze the data. I know that for business reasons people would like to have it either in another virtual machine or on the 'Domain0' of the system. However, that adds more usage of resources and is not secure from a 'leaked' vm: [Thus I am guessing the Phantom system which looks aimed at.. I wonder if its for any VM or just the s390 version.] For Xen and other linux VM’s it should be possible to create virtual taps comparability easy. The Vmware systems would be a lot harder to deal with. The next question would be where to analyze the data. I know that for business reasons people would like to have it either in another virtual machine or on the ‘Domain0′ of the system. However, that adds more usage of resources and is not secure from a ‘leaked’ vm: [Thus I am guessing the Phantom system which looks aimed at.. I wonder if its for any VM or just the s390 version.]

]]> Comment on Massachusetts Banking Association reporting a major unnamed retailer breached by Not the next TJX, but 4.2M card numbers none the less http://www.breachbytes.com/2008/03/17/massachusetts-banking-association-reporting-a-major-unnamed-retailer-breached/#comment-260 Not the next TJX, but 4.2M card numbers none the less Tue, 18 Mar 2008 20:37:08 +0000 http://www.breachbytes.com/2008/03/17/massachusetts-banking-association-reporting-a-major-unnamed-retailer-breached/#comment-260 [...] « Massachusetts Banking Association reporting a major unnamed retailer breached Mar 18 2008 [...] [...] « Massachusetts Banking Association reporting a major unnamed retailer breached Mar 18 2008 [...]

]]> Comment on BreachBytes Article Links Archive by Massachusetts Banking Association reporting a major unnamed retailer breached http://www.breachbytes.com/2007/12/17/breachbytes-article-links-archive/#comment-256 Massachusetts Banking Association reporting a major unnamed retailer breached Mon, 17 Mar 2008 21:13:23 +0000 http://www.BreachBytes.com/2007/12/17/breachbytes-article-links-archive/#comment-256 [...] when it started to seem that 2008 was going to be a better year than 2007 for data breaches, the Massachusetts Banking Association is notifying its members of a major data breach at an [...] [...] when it started to seem that 2008 was going to be a better year than 2007 for data breaches, the Massachusetts Banking Association is notifying its members of a major data breach at an [...]

]]> Comment on The Three "R"s of Incident Response: Respond, Recover and (Public) Relations by Stephen Smoogen http://www.breachbytes.com/2008/02/28/the-three-rs-of-incident-response-respond-recover-and-public-relations/#comment-211 Stephen Smoogen Sat, 01 Mar 2008 00:15:10 +0000 http://www.breachbytes.com/2008/02/28/the-three-rs-of-incident-response-respond-recover-and-public-relations/#comment-211 Yes I have to say public relations is one of those organizations you really have to get involved quickly.. and they need to be trained on how to handle it in a proactive matter. Like many other organizations, PR groups have a tendancy to want to hush it up and only answer when it has been needled out. That is usually too late into the situation and makes everything look worse. I wonder if the problem isn't really an IR4 issue. The 4th item that gets missed a lot is Renewal. What was learned from the incident? How can we respond better? This is one of those things that we always say we will get to, but rarely do so. There were a lot of times where IR teams are doing the same thing over and over because no one ever took the time to say "Why are all these machines getting infected? How can we lower that number? How can we measure that we are improving?" Its usually only after too much money has been lost that the core problems might be looked at.. while if an organization had looked at it on a month-by-month role they would have lowered that loss by putting in proactive steps. Yes I have to say public relations is one of those organizations you really have to get involved quickly.. and they need to be trained on how to handle it in a proactive matter. Like many other organizations, PR groups have a tendancy to want to hush it up and only answer when it has been needled out. That is usually too late into the situation and makes everything look worse.

I wonder if the problem isn’t really an IR4 issue. The 4th item that gets missed a lot is Renewal. What was learned from the incident? How can we respond better? This is one of those things that we always say we will get to, but rarely do so. There were a lot of times where IR teams are doing the same thing over and over because no one ever took the time to say “Why are all these machines getting infected? How can we lower that number? How can we measure that we are improving?” Its usually only after too much money has been lost that the core problems might be looked at.. while if an organization had looked at it on a month-by-month role they would have lowered that loss by putting in proactive steps.

]]> Comment on Switches welcoming NetFlow, security features by Roland Dobbins http://www.breachbytes.com/2008/01/30/switches-welcoming-netflow-security-features/#comment-199 Roland Dobbins Sat, 23 Feb 2008 11:29:19 +0000 http://www.breachbytes.com/2008/01/30/switches-welcoming-netflow-security-features/#comment-199 FYI, NetFlow has been available in Cisco's 6500 switches since their introduction. Same for the 4500 series. FYI, NetFlow has been available in Cisco’s 6500 switches since their introduction. Same for the 4500 series.

]]>