Office of Information Technology

Security, Lead - Steve Smith

Members: Mark, Dale, Cyril, Roger Siggs

March 30, 2006

Continuing to evaluate the Blink IPS. eEye has sent a new 30-day license key since the previous eval included Spring Break. Planning to test on Windows servers and admin workstations to evaluate effectiveness and look for negative impact. Still need to try out the management console to configure multiple hosts and host groups. Maintaining communication with the 3rd-party vendor, who is eager to help.

"Nepenthes" is now built and running on one Linux host. It's a malware collector that will give greater insight on network scanning activity that makes it into our network. I hope to compare and contrast it with data collected by BackOfficerFriendly (on Win95), which is running on another subnet.


March 2, 2006

No major team security collaboration to report. I'm being stalked by two vendors who want us to give them money. One has a proxy that claims to protect Oracle applications and web apps in general. The other is a reseller for Blink (eEye).

Blink: I pointed out to the vendor, then the reseller, that Blink is a complex product. I asked if they had a template, paper, or other advice on how the product might be configured for different roles such as AD server, web server, ColdFusion, Oracle, etc. I also noted how turning on "all" settings would result in an unusable system, and turning on none of the features results in being 0wned.

They deem my request a startling, unique concept. The vendor doesn't have any such materials and suggested the reseller would help. The reseller believes this would constitute "consulting" and requires us to buy their services. It would be safe to say that the Blink trial is proceeding slowly. When we speak next I'll explain to the reseller that there's no possibility of "buying" the product unless we can test it first.


February 23, 2006

Obstacles/barriers to progress.

I'm on 4 teams. In reality, I'm working somewhat awkwardly with 2 teams via email and brief discussions. I'm wondering where, when and how the other 2 teams met, talked, worked or otherwise made the progress that's being reported in the weekly update. In my opinion, the teams are too big and we're each on too many of them to be effective.

I think that all of our regular duties plus 2 teams on a tight deadline is quite enough to keep anyone stressed out, distracted and religiously buying lottery tickets.

Are y'all using the Helpdesk software to wonderful advantage, or some other trick collaborative, time-expanding gizmo that I'm not aware of?


February 15, 2006

The group has started discussing some issues via email and gained a new member. It was suggested that email is preferred over meetings whenever possible.

It was proposed that "if/when each of us attend a project meeting we look for the security implications and summarize them to this group via email." No objection was stated.

Cyril, Dale and Steve watched/listened to a "Webex" of Blink from eEye Security. There was consensus that it may be useful in securing Windows servers. A full-feature demo of Blink, the management console and a load of PDF documents have been downloaded to continue the evaluation.

Issues under discussion include challenges in securing OCS and transitioning DNS services.


February 2, 2006

We haven't met as a group yet. I see establishing an interface with the other groups as our most pressing challenge. One or more members of the Security group are on all but two of the current list of teams (missing Communications and Change Control). Another challenge to consider is the currently ambiguous extent of our authority to influence the other projects.

Another challenge is identifying technological solutions to improve network protection, monitoring and security. I'm evaluating a commercial host-hardening solution that may be appropriate for deploying on the proposed Windows servers and possibly, budget willing, workstations.

I'm also reading up on two System Integrity Monitors: Osiris and Samhain.

GCC:
Our Experience. Your Success.