Hackin9

NSA CIA Public Keys
Cryptome.org
pub 1024D/5D4690C3 2003-04-10 Grant M. Wagner <[email protected]> Grant M. Wagner <[email protected]> Wagner, Grant </o=R2/ou=INFOSEC/cn=Recipients/cn=infosec_users/cn=gmw> Fingerprint=5574 881D 8E2D B8EC 2E8D A5C0 B441 ...

 

Today's security tools used to analyze or detect suspicious activity collect metadata, which usually refers to "data about data": it describes the how, when, where and who of an event. Metadata is a way of organizing, gluing together and discovering information that would otherwise be very difficult to manage, analyze and turn into insightful reports.

Collecting metadata involves running a tool or a series of tools against other data to extract its key components. It can be something as simple as the information stored in a picture (i.e. size, color content, resolution) or as complex as the information that can be parsed out of TCP/IP traffic (i.e. source/destination addresses and ports, email addresses, website names, etc.). Computer forensics is another example of very complex metadata collection, since it involves taking a device (USB stick, hard drive, etc.) and parsing every bit of its content so that it can be searched and reported on.

How much metadata is enough in security? There are a lot of tools out there, either commercial or freeware, that can be used to collect metadata to analyze a network attack or a system compromise. What is interesting is that many metadata standards have been established for various disciplines, but none of them seem to apply to network security. They can be viewed here [1].

All the tools used today to protect a network generate some form of metadata. Whether it is a NIDS/NIPS, a firewall, a proxy, a DNS server, etc., all produce data that can be aggregated into a Security Information and Event Management (SIEM) system. The metadata stored in a SIEM is used to yield insights into patterns of suspicious activity, produce trends and, hopefully, prevent or limit the damage early.

In the end, we all collect some form of metadata, but is it useful, or enough?

[1] http://en.wikipedia.org/wiki/Metadata_standards
[2] https://isc.sans.edu/diary/Collecting+Logs+from+Security+Devices+at+Home/14614

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft has reached an agreement with former Windows chief Steven Sinofsky -- ousted from the company last November -- that will award him stock worth more than $14 million, according to an SEC filing.
 

Microsoft released its pre-announcement for the upcoming Patch Tuesday. The summary indicates 7 bulletins in total: 6 are rated Critical, all involving remote code execution, and 1 is rated Important. The announcement is available here [1].

[1] http://technet.microsoft.com/en-us/security/bulletin/ms13-jul

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

 
In the week ending 6 July, the 3.10 Linux kernel and Fedora 19 are released, Ubuntu's Mir plans raise eyebrows, the first Firefox OS phones arrive in the market, and German intelligence services are spying on the country's backbone.
    
Motorola and Google say in a new ad their upcoming Moto X phone will be designed by users. Columnist Mike Elgan says what he thinks they're planning.
 
Venezuela's president Nicolas Maduro has offered asylum to Edward Snowden, the former National Security Agency contractor who leaked documents about the agency's surveillance programs.
 