Wednesday, May 2, 2007

Joanna and Mr. Chuvakin

Today I read a post in Anton Chuvakin's blog about a post from Joanna Rutkowska. He was caught by the "risk assessment pseudo-science", what also caught my eye on those posts. She reminds us that even if you could solve the "human factor", you still can be compromised by technical issues, like zero days.

Some might say that this is just FUD. I partially agree with that. However, I think it's extremely important to make people remember to avoid focusing on only one side of the triangle (Process, People, Technology). You should try to reduce risk from all of them. Ok, maybe you can't avoid zero days, but you must be prepared to deal with them. Reduces user privileges, network with firewalls and ACLs with a good "deny by default" approach and a good monitoring and detection process/infrastructure. Richard Bejtlich and Chuvakin are very good sources of information about that, even if each uses a different approach (Network monitoring / Logs). They are complementary.

If you still don't do that, start reading Anton Chuvakin's blog. He wasn't posting a lot for a long time, but he's back to the blogosphere with full throttle. The posts from my blogroll on the last weeks have come from him.

No comments:

Post a Comment