Internet Wide Scanners Wanted

Published: 2015-11-04
Last Updated: 2015-11-05 13:05:28 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

In our data, we often find researchers performing internet-wide scans. To better identify these scans, we would like to add a label to these IPs identifying them as part of a research project. If you are part of such a project, or if you know of a project, please let me know. You can submit any information as a comment or via our contact form. If the IP addresses change often, then a URL with a parseable list would be appreciated to facilitate automatic updates.

---
Johannes B. Ullrich, Ph.D.

Keywords: research scans

Application Aware and Critical Control 2

Published: 2015-11-04
Last Updated: 2015-11-04 18:07:40 UTC
by Richard Porter (Version: 2)
0 comment(s)

Have you ever considered how many Critical Controls your contextual (e.g. Next Generation) platform applies to? I bet it is more than you think. Consider your application-aware platform's features, in which it does deep layer 7 packet inspection and identifies applications. Wait a second, “I assumed” that by inventory the Control meant going around to every workstation and assessing what was installed? Sure, that is a critical component, but with application-aware platforms, your ‘platform’ can quickly be turned into an audit device. Set up a span/mirror/tap on a spare port and assess VLANs. Pull reports on ingress/egress segments. This is all part of implementing critical controls.

First, you can run analysis and identify what applications and services are leaving your environment. Add encryption inspection on top of that and the platform becomes an effective shadow Information Technology (IT) audit device. Imagine for a moment business unit X; we will call unit X Marketing for the moment (secretly I like to pick on marketing because they are maverick thinkers). Marketing decides they need a new website with ‘explosive’ new features. They know that ‘IT Security’ will ‘have a cow’ on this… but it will drive business, they say. Now, how many of us have either

A) Seen this

B) Had a colleague tell us

C) Can imagine

We will go one step further for this illustration and say super important Event Y is in 3 weeks. This event is the biggest XYZ event of our industry.

For this scenario we will even go a few strides further and say the event and the launch are a smashing success. Now ask yourself, does Marketing go back and update? Do they contract maintenance? Does everything it normally takes to maintain an IT application occur? Who knows!

People drive business; features and function drive revenue, to be sure! Now, let's get back to Critical Control number 2, know thyself (e.g. Software). For sure, you should inventory what software is deployed in your environment. This would include more than what your contextual next generation platform can do; however, let's stop for a moment. Some software stays local on systems; a great deal of software talks to the cloud. What if there was a platform that could pervasively identify … ‘wait, setting myself up too well’ … Applications? The platform can provide you insight into applications and services running in your environment and serve as an analysis platform. This can clearly aid in Critical Control 2 as well as serve as an audit and control platform.

Let us say there is a research and development network segment that needs inventory. There is an effort underway to assess, pragmatically, each workstation. Now imagine if you could have a view into what applications were in regular use? Application-aware platforms are a Critical Control 2 enabler!
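As an added illustration (not part of the original diary and not any vendor's tooling), the sketch below reconciles an application-identification log export against an approved software inventory per segment. The CSV column names, the segment names, the application labels and the inventory format are all assumptions, and the sample data is constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: approved software inventory per segment (assumed format).
APPROVED = {
    "rnd": {"ssl", "dns", "git", "ntp"},
    "marketing": {"ssl", "dns", "web-browsing"},
}

# Constructed sample of an application-identification log export.
# Column names are assumptions, not a real product's schema.
SAMPLE_LOG = """segment,src_ip,application,bytes_out
rnd,10.20.0.11,git,48211
rnd,10.20.0.11,dns,912
rnd,10.20.0.14,dropbox,7340032
rnd,10.20.0.15,dropbox,1048576
rnd,10.20.0.15,ssl,20480
marketing,10.30.0.7,web-browsing,150000
marketing,10.30.0.9,wordpress-admin,98304
"""

def audit(log_text, approved):
    """Return (unapproved, unseen).
    unapproved: {(segment, app): {"hosts": set, "bytes_out": int}} seen on the wire
                but missing from the inventory.
    unseen: {segment: apps} inventoried but never observed (local-only or stale)."""
    unapproved = defaultdict(lambda: {"hosts": set(), "bytes_out": 0})
    observed = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        seg = row["segment"].strip().lower()
        app = row["application"].strip().lower()
        observed[seg].add(app)
        if app not in approved.get(seg, set()):
            entry = unapproved[(seg, app)]
            entry["hosts"].add(row["src_ip"])
            entry["bytes_out"] += int(row["bytes_out"])
    unseen = {seg: apps - observed[seg] for seg, apps in approved.items()}
    return dict(unapproved), unseen

if __name__ == "__main__":
    unapproved, unseen = audit(SAMPLE_LOG, APPROVED)
    # Largest egress volume first.
    ranked = sorted(unapproved.items(), key=lambda kv: -kv[1]["bytes_out"])
    for (seg, app), e in ranked:
        print(f"{seg}: unapproved '{app}', {len(e['hosts'])} host(s), {e['bytes_out']} bytes out")
    for seg, apps in unseen.items():
        print(f"{seg}: inventoried but not observed: {sorted(apps)}")
```

The "unseen" set matters as much as the "unapproved" one: it marks software that stays local on systems and still needs the workstation-level inventory.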

Richard Porter

--- ISC Handler on Duty
