InfoSec Triads: Cost/time/functionality

Following InfoSanity’s recent (and unexplainable) focus on triads in previous posts is the relationship between cost, time and functionality. In an ideal world all projects would have enough resources and realistic timescales to develop all required functionality to the highest level of quality. However in the real world this is rarely achievable when working with external constraints. Therefore in any project compromises are inevitable.

mimic-nepstats_v1-1.py

Around a month ago Miguel Jacq got in contact to let me know about a couple of errors he encountered when running InfoSanity’s mimic-nepstats.py with a small data set. Basically if your log file did not include any submissions, or was for a period shorter than 24hours the script would crash out, not the biggest problem as most will be working with larger data sets but annoying non the less.

OWASP at Northumbria Uni – June 2010

June 16th marked the first time the Open Web Application Security Project’s (OWASP) Leeds/Northern Chapter ran an event at Northumbria University, meaning it was the first time I was able to attend. Overall I really enjoyed the event, I’m hoping that the Leeds/Northern OWASP chapter decide to run more events within Newcastle, but if not it’s convinced me that the events are worth the time and cost to travel down to the other locations. Always good to discuss infosec topics face to face with some really knowledgeable people.

Breaking into the loop

Jacob (@BiosShadow), has released his first blog post, Being out of the Loop, since we were paired up and it has struck a chord with my own experience with similar problems and got me thinking at the same time. To sum up Jacob’s post he his frustrated that there is no active infosec community within a reasonable distance of his location. I can relate to this sentiment; when beginning the slow road towards an infosec career, before I was even aware a legitimate career in the field was possible, my own interactions and learning opportunities were limited to reading books or online articles.
For my part: If you’re in the North East of England (or general area) get in touch and let me know, always keen to discuss information security with anyone willing to listen.

Amun statistics

Amun has been running away quite happily in my lab since initial install. From a statistic perspective my wor has been made really easy as Miguel Cabrerizo has previously taken one of the InfoSanity statistic scripts written for Nepenthes and Dionaea and adapted it to parse Amun’s submission.log files. If you’re wanting to get an overview of submissions from another Amun sensor the script has been uploaded alongside the other InfoSanity resources and is available here.

Starting with Amun

No single technology can do or handle every situation; the same holds true with honeypot sensors which is why I’m always interested in finding new systems to add to my environment. I’d had Amun on my list of potentials for a while, but after reading a short blog post that suggested install and setup was relatively quick and painless, it got moved up the to-do list.