Medium Difficulty Security

I have been thinking about the PaulDotCom argument that good security is hard. Obviously it is. Application whitelisting is far harder than antivirus from a deployment perspective. I’m going to try some compromises that are medium difficulty. My goal is for these to be a stepping stone towards the hard changes.

My first change is implementing honey IP ranges and honey DNS entries as a stepping stone towards full honeypots. I’ve already got the easy monitors for network scanning, and they are pretty worthless. I entered requests to get a couple of blocks of IP ranges reserved across the network, mixed in with the various user environments, server environments, etc. I’ve also got DNS entries reserved. Some are straight from the dnsrecon list; others are custom, based on the business as well as on key employees. I don’t have honeypots yet, but this seems like a decent start.
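The detection side of the honey ranges and honey names above, as an added example that is not from the original post: nothing legitimate lives in those ranges or resolves those names, so any flow or DNS query touching them is an alert, and the number of distinct honey targets one host touches shows how broad its sweep was. The ranges, names and log-line formats are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed, constructed honey ranges and names (nothing legitimate lives here).
HONEY_NETS = [ipaddress.ip_network(n) for n in ("10.20.30.0/28", "10.50.9.0/28")]
HONEY_NAMES = {"vpn-backup.example.com", "hr-portal.example.com", "ns3.example.com"}

# Assumed log formats: one firewall flow line and one DNS query line.
FLOW_RE = re.compile(r"FLOW src=(\S+) dst=(\S+) dport=(\d+)")
DNS_RE = re.compile(r"DNS client=(\S+) qname=(\S+)")

def is_honey_ip(addr: str) -> bool:
    """True when addr falls inside any reserved honey range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in HONEY_NETS)

def check_line(line: str):
    """Return (kind, source, target) for a honey hit, or None."""
    m = FLOW_RE.search(line)
    if m and is_honey_ip(m.group(2)):
        return ("honey-ip", m.group(1), f"{m.group(2)}:{m.group(3)}")
    m = DNS_RE.search(line)
    if m and m.group(2).rstrip(".").lower() in HONEY_NAMES:
        return ("honey-dns", m.group(1), m.group(2))
    return None

def scan_logs(lines):
    """Map each source host to the sorted set of honey targets it touched."""
    hits = defaultdict(set)
    for line in lines:
        alert = check_line(line)
        if alert:
            hits[alert[1]].add((alert[0], alert[2]))
    return {src: sorted(targets) for src, targets in hits.items()}

# Constructed sample log lines, not taken from any real environment.
SAMPLE_LOGS = [
    "2024-03-01T09:00:00Z FLOW src=10.1.2.3 dst=10.20.30.4 dport=445",
    "2024-03-01T09:00:01Z FLOW src=10.1.2.3 dst=10.20.30.5 dport=445",
    "2024-03-01T09:00:02Z FLOW src=10.1.2.3 dst=10.50.9.7 dport=22",
    "2024-03-01T09:00:03Z FLOW src=10.1.2.9 dst=10.1.2.10 dport=443",
    "2024-03-01T09:00:04Z DNS client=10.1.7.7 qname=hr-portal.example.com.",
    "2024-03-01T09:00:05Z DNS client=10.1.7.8 qname=www.example.com",
]

if __name__ == "__main__":
    for src, targets in scan_logs(SAMPLE_LOGS).items():
        print(f"{src}: {len(targets)} honey target(s) -> {targets}")
```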

My second change is that I’m investigating web filter whitelisting for non-standard domains. I’ve already got the dynamic DNS services (No-IP, DynDNS) blocked, with a few exceptions. My next step is going to be to do the same for the under-used TLDs. If it isn’t com, net, edu, gov, or mil, I am considering a whitelisting approach. So, for instance, we have no business in Libya: .ly will be blocked, with the exception of bit.ly.
