Slashdot Mirror


User: ssuppe

ssuppe's activity in the archive.

Stories: 0
Comments: 8

Comments · 8

  1. Re:Only a Lad! on More Guitar Hero 80s Tracks Announced · · Score: 1

    Heck yes! My very first Boingo show was their last, unfortunately, but I'd like to think there's a Clown of Death in each of us...

  2. Re:Don't mess with TCU network security! on Republican Aide Tries to Hire Hackers · · Score: 1

    One might argue it's twice as hard, really...

  3. Re:Anti-depressant to the rescue on Answers From Lawyers Who Defend Against RIAA Suits · · Score: 2, Informative

  4. Not really that bad on How Long is Too Long to Update? · · Score: 1

    Everyone here is freaking out. Reinstall is the same as not having updated in 9 months. Everyone who said make sure you do it behind a hardware firewall ain't kidding. Other than that, no need to re-install unless you think there's something on it (which isn't likely, seeing as you haven't connected it in 9 months!)
    Steve

  5. Re:write-up says it all on Intrusion Prevention and Active Response · · Score: 1

    While everything you say is true, I submit that it is not a full view of the picture. I've been studying IPS for over a year now for a government study that has recently been given the go ahead for a large scale pilot program.

    Modern IPS do more than Snort does, which is more or less signature detection (please, I'm aware of the protocol anomaly stuff Snort does, but let's be honest with ourselves and say that it is limited in scope). IPS today have the concept of a "Vulnerability Filter" or "Virtual Patch" which actually understands the context of the vulnerability it is detecting, and as such is able to detect/prevent attacks with a level of granularity that is beyond simple pattern matching.

    The ability to understand application protocols (Layer 7 especially) is something that evades Snort and past IPS solutions.

    Admittedly, IPS is not perfect, but this is something to think about.

    TINAPE (This is not a product endorsement), but I'd recommend http://www.tippingpoint.com/ as a good place to get literature on this!

  6. Re:Um, 30 years and still hasn't learned.... on BBC Bill Gates Interview · · Score: 1

    Amazing...still doesn't get it after all of these years. What an ego.

    How was this moderated up?

    Did he really just say that about one of the richest men in the world??? Did that really just happen? Yeah, that 50 billion really shows how incompetent he is.

  7. Re:You get... on Indiana Launches Statewide Productivity System · · Score: 1

    Sigh, I'll probably get lambasted for this, but...

    [You get]...what you pay for.

    Like open source?

    C'mon guys, consistency is key...

  8. Re:Shocking on DOD Kicks Up Cybersecurity Efforts · · Score: 5, Informative

    Army lost last year not because of a successful outside attack but from a self-inflicted wound in which an authorized network user accidentally knocked out service for several hours, costing precious points that helped Air Force prevail.

    Well, that's not exactly what happened. I was a member of the Air Force Academy's team. I don't want to give too much away because you never know who will be reading this, but the Air Force's Team didn't have a SINGLE break-in during the entire exercise. Even when we were ordered to take down our firewalls on the last day, all of our machines were so locked down (even the requisite Windows Boxen) that there were no compromises. The Red Team wasn't even able to perform a 100% successful DOS attack.

    The exercise was basically run like this. Every team was given more or less the same hardware/# of machines to use to defend their network. You were allowed to use any operating system you felt was necessary, although a certain number of Windows machines had to be on the network. Each team had to provide a variety of services, including local account, local mail for members of the red team, web servers, database services, mail, DNS and FTP. SFTP was not allowed, so you had to be creative in your security.

    Services were measured by downtime - a service could go down for a specific amount of time before points were taken away. The points were on a subjective scale based on amount of downtime, how you remedied it, etc.

    It should ALSO be noted that this is an exercise that resides purely in Academia - it's an exercise between a bunch of different service academies, which is NOT the same thing as the operational United States military.

    All in all, it was an EXTREMELY exciting exercise, lots of attacks were thwarted, many cans of Mountain Dew were imbibed. We laughed a little, cried a little, heck we even learned a little.