Transcription improvements made for hire through Amazon Mechanical Turk.

Sponsored by:	FreeBSD Foundation
Murray Stokely 2010-02-06 21:26:56 +00:00
parent a32dc77814
commit f2a3b4d0f3
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=35337

@ -87,7 +87,7 @@ weve lost like three hundred billion in market cap over
the last year its been an exciting ride
0:01:22.110,0:01:25.230
the ads general electric we get three hundred thousand users
the ads General Electric we get three hundred thousand users
0:01:25.230,0:01:28.360
um just a few security issues as you might
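Review bot: the replacement line at 0:01:22.110 still spells out "three hundred thousand users", while the hunk at 0:59:32.119 converts the same kind of figure to "300,000"; use digits here too for consistency. "the ads General Electric" also reads like a mishearing (possibly "at General Electric") and is worth checking against the audio rather than only capitalising the name.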
@ -137,11 +137,11 @@ please let me know
0:01:56.320,0:01:59.179
what Im going to describe isnt exactly what I do
with general electric
with General Electric
0:01:59.179,0:02:02.390
or at least it's not officially what I do at general
electric
or at least it's not officially what I do at General
Electric
0:02:02.390,0:02:06.950
but you can imagine that I just dont come up with
@ -234,7 +234,7 @@ if you think about health well you might say
hows your blood pressure
0:03:25.719,0:03:27.940
well its under one hundred and twenty over eighty
well its under 120 over 80
0:03:27.940,0:03:29.659
that's sort of one data point
@ -393,13 +393,13 @@ have an earnings report appear on the network share or
on a peer-to-peer network somewhere
0:05:22.669,0:05:25.949
that's that's an ouput that means you had a failure somewhere
that's an ouput that means you had a failure somewhere
0:05:25.949,0:05:28.069
do you have a system or network thats unavailable
0:05:28.069,0:05:29.720
due to a Ddos attack
due to a DDoS attack
0:05:29.720,0:05:31.060
these are all outputs so
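Review bot: the replacement line at 0:05:22.669 drops the doubled "that's" but keeps the typo "ouput"; it should read "that's an output that means you had a failure somewhere", matching "these are all outputs" a few cues later.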
@ -412,7 +412,7 @@ I really don't care so much about that I think
these can influence these
0:05:36.459,0:05:40.539
these are the things that I I care about
these are the things that I care about
0:05:40.539,0:05:44.129
and just to step a
@ -442,8 +442,8 @@ developers here is that in the last talk there was
lots of discussions about
0:06:01.030,0:06:05.289
you made this change and you get a five percent difference
or you made this change and you get a ten percent difference
you made this change and you get a 5% difference
or you made this change and you get a 10% difference
0:06:05.289,0:06:07.019
none of that happens in security
@ -606,7 +606,7 @@ and then you orient and you figure out well where am
I in relation to where the bad guys are
0:07:57.409,0:08:02.359
then you make a decision like okay is theres a bad guy
then you make a decision like okay theres a bad guy
I better roll over and shoot it down
0:08:02.359,0:08:04.269
@ -663,7 +663,7 @@ so this is probably my favorite description
of security period
0:08:45.120,0:08:49.830
my aplogies to my European friends this
my apologies to my European friends this
is the football poll security
0:08:49.830,0:08:54.710
@ -701,20 +701,20 @@ while meanwhile you could be completely all about
something different
0:09:15.680,0:09:19.650
and I first started thinking about this in 2000 2001
and I first started thinking about this in 2000-2001
0:09:19.650,0:09:21.800
where there were some guys in Finland
0:09:21.800,0:09:27.060
who did this huge innumeration they were doing some of the
who did this huge enumeration they were doing some of the
first fuzzing work against SMTP
0:09:27.060,0:09:27.849
it was called the
it was called
0:09:27.849,0:09:29.000
protos toolkit
The Protos Toolkit
0:09:29.000,0:09:32.140
and they did all this work in and they found that
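Review bot: moving "the" out of the 0:09:27.060 cue and into the next one as "The Protos Toolkit" puts title capitalisation mid-sentence in captions that are otherwise largely unpunctuated running text, and changes which words sit under each timestamp. Keeping "it was called the" in the first cue and correcting only the proper noun in the second would fix the name without shifting text between cues.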
@ -779,7 +779,7 @@ paying attention to your own employees youre violating
their rights and their privacy
0:10:13.750,0:10:15.100
and meanwhie you got like
and meanwhile you got like
0:10:15.100,0:10:16.899
Romanians and Russians and Chinese and
@ -893,7 +893,7 @@ maybe you just have robots or something right don't they
dont complain
0:11:49.920,0:11:50.850
So anwyay wow
So anyway wow
0:11:50.850,0:11:51.909
that came out of nowhere
@ -974,13 +974,13 @@ the general process is I identify my trust boundaries
I apply some instrumentation
0:12:41.280,0:12:43.620
and then I collect analyse and escalate
and then I collect analyze and escalate
0:12:43.620,0:12:46.000
%uh collect meaning I get the information
0:12:46.000,0:12:48.420
analyse I look at it figure out what it means
analyze I look at it figure out what it means
0:12:48.420,0:12:48.889
escalate
@ -1125,7 +1125,7 @@ and its funny people have probably heard about building security in
0:14:38.570,0:14:42.620
that's like trying to make things more secure
have been trying to do that for like twenty years
have been trying to do that for like 20 years
0:14:42.620,0:14:44.240
it just doesn't work
@ -1199,7 +1199,7 @@ closely with the guy does the cloudsecurity.org
blog
0:15:40.870,0:15:44.800
and %uh he's he's a fellow employee with
and %uh he's a fellow employee with
me is that we always considering this because
0:15:44.800,0:15:45.380
@ -1218,7 +1218,7 @@ window to the cloud
is an SSL encrypted pipe
0:15:53.530,0:15:58.430
%um it doesn't help me too much to inpsect it at the
%um it doesn't help me too much to inspect it at the
network level right
0:15:58.430,0:16:00.129
@ -1232,10 +1232,10 @@ oh boy thats really happening
0:16:04.650,0:16:10.110
try getting good logs out of any of the cloud buyers
it is absolutely horrible they they don't
it is absolutely horrible they don't
0:16:10.110,0:16:14.150
they don't want to store them they don't want
want to store them they don't want
to provide you the data in any format thats useful
0:16:14.150,0:16:17.710
@ -1268,7 +1268,7 @@ and you know got control of some of our systems and
so forth
0:16:36.600,0:16:38.400
virtualisation is obviously an issue
virtualization is obviously an issue
0:16:38.400,0:16:40.100
%um if you think about
@ -1318,7 +1318,7 @@ so
I mean it could be
0:17:09.490,0:17:11.390
somewhere else in the united states obviously but for
somewhere else in the United States obviously but for
0:17:11.390,0:17:14.449
the most part like if someone were to compromise
@ -1512,10 +1512,10 @@ comes from
the first network based IDS that taught
0:19:33.490,0:19:35.400
he wrote it in UC Davis in 89
he wrote it in UC Davis in 1989
0:19:35.400,0:19:39.520
so this is wow thats twenty years I feel
so this is wow thats 20 years I feel
freaking old right now
0:19:39.520,0:19:39.979
@ -1540,7 +1540,7 @@ is finally start to catch up with it
0:19:50.470,0:19:56.750
and they call them network forensic appliances
and they charge you fifty thousand dollars
and they charge you 50,000 dollars
0:19:56.750,0:20:02.110
for the enterprise thats right
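Review bot: currency style is inconsistent across this commit: this hunk writes "50,000 dollars" at 0:19:50.470, while the hunk at 0:32:05.940 writes "$3,000 a month". Pick one form, for example "$50,000" here.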
@ -1578,7 +1578,7 @@ but we were doing this earlier
so I learned from people who invented this stuff
0:20:27.480,0:20:30.779
you know wow that's like fifteen years ago
you know wow that's like 15 years ago
0:20:30.779,0:20:35.279
alright so why network censors
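Review bot: the context line at 0:20:30.779, "alright so why network censors", is left untouched but looks like a homophone error; a later hunk in this same file has "per sensor", so this should be "sensors" and could be fixed in the same pass.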
@ -1752,13 +1752,13 @@ because if you're a good admin
you're not surfing
0:23:03.019,0:23:06.370
MySpace on your Windows server
MySpace on your Windows Server
0:23:06.370,0:23:08.070
right well youre not on a Windows server
right well youre not on a Windows Server
0:23:08.070,0:23:13.590
but well you can admin on a Windows server
but well you can admin on a Windows Server
but you know what I mean
0:23:13.590,0:23:16.710
@ -1872,7 +1872,7 @@ as opposed to
what a user platform is telling me
0:24:35.180,0:24:35.980
so if Im
so
0:24:35.980,0:24:37.799
if Im on a user platform
@ -1897,7 +1897,7 @@ alright we have a problem here
so this is why I like
0:24:51.120,0:24:54.020
to itroduce these sorts of devices
to introduce these sorts of devices
0:24:54.020,0:24:55.070
let me talk a little bit
@ -2075,7 +2075,7 @@ I don't run the one sytem I expose in my home lab
is not an Intel system
0:27:04.310,0:27:06.940
it's a Mac mini
it's a Mac Mini
0:27:06.940,0:27:08.550
and its running Debian on top
@ -2348,7 +2348,7 @@ in fact there was one
0:31:06.470,0:31:11.210
he did a concert once actually he didn't
do a concert he attended somebody elses concert
do a concert he attended somebody's else concert
0:31:11.210,0:31:15.190
and I don't know who it was like Johnny Cash or something
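Review bot: the replacement at 0:31:06.470 turns "somebody elses concert" into "somebody's else concert", which misplaces the possessive; the intended fix is "somebody else's concert".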
@ -2419,8 +2419,8 @@ so that's the end of the line
right at this point hes got two options he can either ignore it
0:32:05.940,0:32:10.240
or he can satisfy his fifteen minute SOA that his customer
pays three thousand dollars a month
or he can satisfy his 15 minute SOA that his customer
pays $3,000 a month
0:32:10.240,0:32:10.860
for
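Review bot: "SOA" at 0:32:05.940 is carried over unchanged; a 15 minute commitment that a customer pays a monthly fee for sounds like "SLA", so check it against the audio while this cue is being edited. "15 minute" would also read better hyphenated as "15-minute".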
@ -2543,10 +2543,10 @@ Ill date myself but in 1998
intruders in China
0:33:39.509,0:33:41.049
who had writtten their own
who had written their own
0:33:41.049,0:33:44.010
virtualisation platform on top of Solaris
virtualization platform on top of Solaris
0:33:44.010,0:33:46.159
who were doing stuff we were like holy cow
@ -2755,7 +2755,7 @@ my servers are in Maryland
0:36:20.819,0:36:23.099
yes Im an ISP what happens when I get stuff from
Massachussetts or California and theyre going you cant do that
Massachusetts or California and theyre going you cant do that
0:36:27.329,0:36:28.269
yes okay so theres two things
@ -2855,7 +2855,7 @@ everything that Ive shown here
you could literally walk out of here
0:37:48.249,0:37:50.619
go into the freeBSD ports tree find a SGUIL ports
go into the FreeBSD ports tree find a SGUIL ports
0:37:52.119,0:37:54.840
do your make I mean the ports are a little ugh
@ -3029,7 +3029,7 @@ output of an ID command on Unix
where the result was
0:40:14.779,0:40:16.179
UID zero
UID 0
0:40:16.179,0:40:19.529
is that good or is that bad I mean youd probably say that sounds bad
@ -3271,7 +3271,7 @@ and secondly if he does
0:43:29.130,0:43:33.189
can we release so we're trying to work
out those I think it'll be resolved postively
out those I think it'll be resolved positively
0:43:33.189,0:43:35.119
because we're GEs actually fairly pro-open-source
@ -3456,10 +3456,10 @@ real Snort rules fades
so whereas
0:46:24.309,0:46:26.510
five years ago it might have been like ninety percent
five years ago it might have been like 90%
0:46:26.510,0:46:28.619
these days it's like twenty five percent
these days it's like 25%
0:46:28.619,0:46:35.619
so they probably can pull in a certain percentage
@ -3496,8 +3496,8 @@ just what we can afford as far as hard drive spaces go
my last budget
0:47:11.769,0:47:15.319
I could only spend about twenty five hundred
to three grand per sensor
I could only spend about 2,500
to 3,000 per sensor
0:47:15.319,0:47:18.949
which limited me to about one to
@ -3700,7 +3700,7 @@ and then you start investigating
and the reason I do this approach is because its cheap
0:50:10.190,0:50:14.099
you know twenty five hundred dollar commodity hardware
you know twenty $500 commodity hardware
open source software
0:50:14.099,0:50:15.820
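Review bot: the replacement at 0:50:10.190 converts "twenty five hundred dollar" into "twenty $500", which changes the amount; the hunk at 0:47:11.769 renders the same spoken phrase "twenty five hundred" as "2,500", so this line should be "you know $2,500 commodity hardware".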
@ -3771,7 +3771,7 @@ put it that way
as far as FreeBSD goes specifically
0:51:10.930,0:51:14.229
theres som like minor things that make my
theres some like minor things that make my
life better
0:51:14.229,0:51:18.349
@ -3814,7 +3814,7 @@ is opening up a BPF
you can track performance with the what was it
0:51:40.109,0:51:41.609
net stat dash B
netstat -B
0:51:41.609,0:51:42.400
capital B
@ -4213,14 +4213,14 @@ and so finally I said this guy is all over the space hes in
California he's using the UUnet
0:57:35.449,0:57:38.170
the Uunet blocker however theyre signing theyre signing
the UUnet blocker however theyre signing theyre signing
the IPs
0:57:38.170,0:57:41.390
it's just all over the place we're blocking Uunet
it's just all over the place we're blocking UUnet
0:57:41.390,0:57:43.799
all of Uunet to the air force
all of UUnet to the air force
0:57:43.799,0:57:44.790
so
@ -4343,7 +4343,7 @@ honey pots are things that are good to run if
one youre researcher or two you have a lot of time on your hands
0:59:32.119,0:59:36.039
because I have like a network of three hundred thousand
because I have like a network of 300,000
honey pots
0:59:36.039,0:59:38.479