
SANS ISC: InfoSec Handlers Diary Blog



What's on your network?

Published: 2009-03-15
Last Updated: 2009-03-15 12:25:00 UTC
by Lorna Hutcheson (Version: 1)

I was looking through my Spam folder this evening to see if there was anything interesting in there. Of course I found some of your "standard" phishing attempts that we have come to accept as "normal". While looking at these I got to thinking about how some of them, just from viewing the email (if using HTML like many do), would serve you content pulled from websites you never clicked on. In essence, unsolicited requests would be leaving your network. This led me to think about software that "phones home" and I realized it had been a while since I had heard about any.

I thought I must be missing something, but sure enough my Google search turned up empty for anything in the last few months. So now the real question comes to my mind. Is that because there is nothing "phoning home" or is it because our networks are so large with so much traffic that no one knows what is on their network anymore? I subscribe more toward the latter. I think the majority of people (and their management) feel there is simply not enough time to figure out what all the traffic really is, and they have tools to automate things so they don't have to know because the tools do it all for them.

This really concerns me because software products are being released constantly.  How much testing really goes on for them?  How much hidden functionality really exists?  How do you know if your software is doing what it should do?  Egress filtering is more important than ever to securing your network.   Too often you find people know enough to get the software up and running but that is about it. 

So I have a couple questions I'd like to get feedback on:

  • Is there no software phoning home anymore or are we just missing it?
  • What steps do you take to ensure the software on your network is only talking to and doing what it's documented to do?

 
