Security Onion LiveCD is now available

I read in Doug Burks’ tweet that his Security Onion LiveCD is now available for download. Being a serious Sguil fan, I can’t do anything but recommend you have a look at this new live distro.

You can download it from the following location:
http://distro.ibiblio.org/pub/linux/distributions/security-onion/

The following information is extracted from Doug’s Security Onion blog:

What is it?

The Security Onion LiveCD is a bootable CD that contains software used for installing, configuring, and testing Intrusion Detection Systems.

From Brussels to Amsterdam calling at London and Sydney

That’s been what I call my ‘SANS itinerary’ since I started this exciting journey back in June 2007. It all started at SANS Secure Europe, in Brussels, where I took my first SANS class with Jess Garcia, CEO of One eSecurity and a good friend of mine. It was SECURITY 508, System Forensics, Investigation & Response, an awesome track created by Rob Lee on one of the most interesting and hot topics of Information Security. It’s been almost two years since then, but now I realize the tremendous positive influence that event had in my career as a security professional.

Early on the first day, I could see that this was a different kind of training, far different from all the training sessions I had attended before, including the well-known CISSP bootcamp and vendor-specific training like Checkpoint’s and others I took in the past. Unlike those, this was real hands-on training, with lots of exercises and challenges, including the use of several virtual machines and an arsenal of security tools you can take home with you. Also, the amount of material you receive throughout a 6-day course is awesome. Someone described it like “drinking directly from a fire hose”. Actually, I can’t describe it better.

Add to that a friendly, relaxed, yet professional atmosphere, and the multiple opportunities you get for both networking and sheer knowledge sharing with attendees and instructors, and you will understand why Brussels was only the start.

[Photo: With Carlos Fragoso and Richard Fadul at SANS Secure Europe 2007 in Brussels]

Discussion on LinkedIn Group: What is the best IDS system?

That was the question recently asked by a fellow security professional on the LinkedIn Security Leaders Group.

I’m not usually very excited about posting on LinkedIn Discussion Groups. On top of that, I don’t even have the time to blog anything on my own site. However, I could not resist writing a comment on that discussion about what the best IDS system is. Not when I read the following comment:

Actually the idea of an IDS system has been obsolete for a few years now. Given the latest events in the security area, there are plenty of traffic anomalies far more advanced than relatively-simple signatures out there to deal with.

The best approach nowadays is the IPS (Intrusion Prevention System), which would not only detect and inform IT management of the attack events but will also apply the necessary countermeasures to them. Most important of all, this must happen at wire-speed with ASIC-based systems.