Things that make you go hmmm…

I just read a fantastic post by David Chris Hoff on his Rational Security blog, where he discusses the ongoing debate about where the focus of security should be; the network or the host.

It's a great read, only slightly long and with good reason: he's packed in a lot of good points that seem well founded and well thought out.

Currently we're focusing on both: we're bringing IPS and UTM units online to harden the network, and HIPS and GPO controls online to harden the hosts. After all, it's a great debate about which will dominate the art in the future, host-based or network-based security. In the here and now, however, neither has gelled into anything tangible enough to preclude the other. So while you research and debate it, my advice is to sprinkle a bit of both disciplines into your security infrastructure.

One of my favorite buzz-terms in his article: extrusion prevention. I've been harping on this since, well, since I started blogging about security, and it's something I firmly believe in. Containing your network is just as important as keeping the bad guys out of it. For one thing, you'll likely stop a lot of escalation techniques, such as phoning home and awaiting commands over a C&C channel. You'll also reduce upstream liability from your hosts trying to compromise other hosts.
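To make the "containing your network" point concrete, here is an added example (my own illustration, not code from this post or from Hoff's article) of a default-deny egress policy: the only traffic allowed to leave is DNS from the internal resolver, web traffic from the proxy, and mail from the relay. Everything else, including a workstation talking IRC to an outside host or resolving DNS directly, is an extrusion and gets denied. The addresses, ports and log format are all assumptions made up for the example, and the flow records are constructed, not real captures.

```python
"""
Egress ("extrusion prevention") policy check over constructed outbound
connection records. Added example, not code from the original post.

Assumptions (hypothetical, chosen for illustration only):
  - the internal network is 10.0.0.0/8
  - the only sanctioned egress paths are:
      * DNS  (udp/53)          from the internal resolver 10.0.0.53
      * HTTP/HTTPS (tcp/80,443) from the web proxy        10.0.0.8
      * SMTP (tcp/25)          from the mail relay        10.0.0.25
  - every other flow leaving the network is denied
"""
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# (source host, protocol, destination port) tuples permitted to leave.
EGRESS_ALLOW = {
    ("10.0.0.53", "udp", 53),
    ("10.0.0.8", "tcp", 80),
    ("10.0.0.8", "tcp", 443),
    ("10.0.0.25", "tcp", 25),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def parse_flow(line):
    """Parse one constructed record of the form 'src dst proto dport'."""
    src, dst, proto, dport = line.split()
    return Flow(src, dst, proto.lower(), int(dport))


def is_outbound(flow):
    """True when the flow crosses from inside the network to outside it."""
    s = ipaddress.ip_address(flow.src)
    d = ipaddress.ip_address(flow.dst)
    return s in INTERNAL and d not in INTERNAL


def egress_verdict(flow):
    """'allow' only for sanctioned source/proto/port triples; default deny."""
    if not is_outbound(flow):
        return "not-outbound"
    if (flow.src, flow.proto, flow.dport) in EGRESS_ALLOW:
        return "allow"
    return "deny"


def audit(lines):
    """Return every flow in the constructed log that the policy would block."""
    return [f for f in map(parse_flow, lines) if egress_verdict(f) == "deny"]


def iptables_rules(allow=EGRESS_ALLOW, internal=INTERNAL):
    """Render the allow-list as iptables FORWARD rules with a logged default
    DROP. Illustrative only; the post's border device is an IPS/UTM, not
    a Linux box, but the shape of the policy is the same."""
    rules = []
    for src, proto, dport in sorted(allow):
        rules.append(f"iptables -A FORWARD -s {src} ! -d {internal} "
                     f"-p {proto} --dport {dport} -j ACCEPT")
    rules.append(f"iptables -A FORWARD -s {internal} ! -d {internal} "
                 f"-j LOG --log-prefix 'EGRESS-DENY '")
    rules.append(f"iptables -A FORWARD -s {internal} ! -d {internal} -j DROP")
    return rules


# Constructed sample log. Destinations use the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    "10.1.2.3 203.0.113.5 tcp 443",    # workstation bypassing the proxy
    "10.1.2.3 198.51.100.7 tcp 6667",  # workstation phoning home over IRC
    "10.0.0.8 203.0.113.5 tcp 443",    # proxy fetching a page: allowed
    "10.0.0.53 192.0.2.1 udp 53",      # resolver doing recursion: allowed
    "10.1.2.3 10.0.0.8 tcp 3128",      # workstation to proxy: internal
    "10.1.2.3 192.0.2.99 tcp 25",      # workstation sending mail directly
    "10.1.2.3 192.0.2.1 udp 53",       # workstation doing its own DNS
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_LOG):
        print("DENY", flow)
    print("\n".join(iptables_rules()))
```

The point of the source/port allow-list rather than a port-only one is that a compromised workstation cannot reach a C&C server over tcp/443 just because "HTTPS is allowed": only the proxy is, and the proxy logs what it fetched. The LOG rule before the DROP is what gives you evidence when something inside does start trying to get out.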

I also recommend you shoot over and read the Ten Commandments of the Jericho Forum after you’ve read Hoff’s piece.

All good stuff!


I think you’d better change that to “Chris Hoff”. “David Hoff” sounds dangerously close to Knight Rider/Mitch.
He’s a good guy, but you don’t want to get on the wrong side of his sarcasm… from experience. :)

Michael- I think you mean Chris Hoff. It must be that bad beer! Speak to you soon.

Michael’s just confusing Chris and David Hasselhoff. It’s easy to do.

I am a bit more supportive of the network being more important as we move forward. I’ve not read Hoff’s post yet, but I think the host is harder because the OS keeps changing every few years. Everyone that has secured the host for Win XP has all new rules and things to learn with Vista. The network has stayed much more stable for decades, which has led to what feels like more maturity in the field.

Of course, IPv6 is still coming, which will be a big change. And the whole "net neutrality" or "should ISPs do more for security" debate could change this all up too. :(

I’m with ya, though, sprinkle in some of both for a better approach.

In reading the Jericho Forum link you posted, of course I realize that we can’t even begin to agree about such things as deperimeterization…let alone whether security will move to the host or server or where it should be. :)

And here I thought David Hasselhoff moved from red swimming trunks and slugging women to blogging about information security.

Thanks everyone for bursting my bubble. ;)

@Lonervamp:

For the last 2-3 years, I’ve reacted allergically to the Jericho Forum’s message — to be specific, the abrasive notion of “deperimeterization marketing” but not the actual concepts.

If you read the other post I made regarding Vista, you’ll see that this concept is now quite real…as you alluded to with IPv6…

Get rid of the fancy verbs describing what the JF boys are mentoring and it makes a lot of sense.

I have changed my perspective on this.

/Hoff