[Dshield] Security in Layers

John Holmblad jholmblad at aol.com
Thu Mar 25 23:21:46 GMT 2004


Tonni/John,

I suspect that you will find,  as I have among the infosec informed at 
Microsoft, a wide range of opinions on INFOSEC best practices. Most of 
these opinions, from what I can tell are in reasonably close alignment 
with SANS thinking but there are others of which vary from SANS views. I 
know from a conversation that I had with Jesper Johanssen a few months 
ago when I asked for his thoughts on the CIS scoring tool that he has 
reservations about attempts to provide such quantitative scores. I 
disagree with his opinion and having myself gone through the SANS W2K 
training on that tool I am completely sold on the tool's value and 
utility and I hope that the CIS gets additional financial resources to 
continue its mission of developing quantitative measures and measurement 
systems pertaining to the security of IT systems. From a speech several 
months ago that Alan Paller, research director at SANS gave to a US 
government audience I got the clear sense that he also believes it is 
high time to develop more such quantitative and objective measures of 
security  than those which are currently available. Whether this 
translates into more funding for groups like the CIS I don't know but I 
hope so because I think such org's have an important role to play in the 
INFOSEC community


I should add that other industry voices have expressed concern about the 
complexity of managing an IDS environment so in that sense Jesper 
Johanssen is not a lone voice although he may be in the minority.  
Recall the following ruckus from last summer (now old news) after 
Gartner's declaration of the death of IDS:

    
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci905961,00.html

In fact for small and medium enterprises, an outsourced monitoring 
solution (e.g. Counterpane - www.counterpane.com) might be more cost 
effective than having inhouse IDS/IPS expertise and systems.

-- 

Best Regards,

 

John Holmblad

 

Televerage International

GSEC,GWCIN,GGSC-0100

 

(H) 703 620 0672

(M) 703 407 2278

(F)  703 620 5388

 

primary email address:  jholmblad at aol.com

backup email address:  jholmblad at verizon.net

 

www page:                     www.vtext.com/users/jholmblad

text email address:        jholmblad at vtext.com




More information about the list mailing list