
Tao Security
Richard Bejtlich's blog on digital security, strategic thought, and military history.
Tao Security
1M ago
Happy birthday TaoSecurity Blog, born on this day in 2003!
The best way to digest the key lessons from this site is to browse my four volume Best of TaoSecurity Blog book series, published in 2020. It's available in print as seen here, or as a properly formatted HTML-based digital book -- none of that PDF-based fixed format nonsense.
Each book is a theme-centric collection of posts with new commentary for each entry. Some of what I wrote stood the test of time, and some did not. See what you think. Or, just scroll backwards through this site.
Thank you to Blogspot and Google for hosting ..read more
Tao Security
4M ago
Probably once a week, I see posts like this in the r/Ubiquiti subreddit. Ubiquiti makes network gear that includes an "IDS/IPS" feature. I own some older Ubiquiti gear so I am familiar with the product.
When you enable this feature, you get alerts like this one, posted by a Redditor:
This is everything you get from Ubiquiti.
The Redditor is concerned that their system may be trying to compromise someone on the Internet.
This is my answer to how to handle these alerts.
==
This is another example of this sort of alert being almost worthless for most users.
The key is trying ..read more
Tao Security
7M ago
On this day in 2004, Addison-Wesley/Pearson published my first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection.
This post from 2017 explains the differences between my first four books and why I wrote Tao.
Today, I'm always thrilled when I hear that someone found my books useful.
I am done writing books on security, but I believe the core tactics and strategies in all my books are still relevant. I'm not sure that's a good thing, though. I would have liked to not need the tactics and strategies in my book anymore. "The Cloud," along with so many other dev ..read more
Tao Security
9M ago
When I was a sophomore in high school, from 1987 to 1988, my friend Paul and I had Commodore C64 computers. There was a new graphical user interface called GEOS that had transformed the way we interacted with our computers. We used the C64 to play games but also write papers for school.
One day Paul called me. He was clearly troubled. He had somehow dragged his newly completed term paper into the trash bin instead of the printer. If I recall correctly, back then they were right next to each other (although the screen shot above shows them separate).
Paul asked if I knew any tricks that ..read more
Tao Security
1y ago
In the fall of 1998 I joined the AFCERT. I became acquainted with the amazing book TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens. About a year later I exchanged emails with Mr. Stevens. Here is the last exchange, as forwarded from my AFCERT email address to my home email.
From "Capt Richard Bejtlich - Real Time Chief" Mon Sep 6 18:27:35 1999
X-Mozilla-Keys: ..read more
Tao Security
1y ago
I wrote this on 7 December 2018 but never published it until today. The following are the "key network questions" which "would answer many key questions about [a] network, without having to access a third party log repository. This data is derived from mining Zeek log data as it is created, rather than storing and querying Zeek logs in a third party repository."
This is how I was thinking about Zeek data in the second half of 2018.
1. What networking technologies are in use, over user-specified intervals?
1. Enumerate non-IP protocols (IPv6, unusual Ethertypes)
..read more
Tao Security
1y ago
Cybersecurity is a social and policy problem, not a scientific or technical problem. Cybersecurity is also a wicked problem. In a landmark 1973 article, Dilemmas in a General Theory of Planning, urban planners Horst W. J. Rittel and Melvin M. Webber described wicked problems in these terms:
“The search for scientific bases for confronting problems of social policy is bound to fail, because of the nature of these problems. They are ‘wicked’ problems, whereas science has developed to deal with ‘tame’ problems. Policy problems cannot be definitively described. Moreover, in a pluralistic society ..read more
Tao Security
1y ago
I want to make a note of the numbers of words and pages in my core security writings.
The Tao of Network Security Monitoring / 236k words / 833 pages
Extrusion Detection / 113k words / 417 pages
The Practice of Network Security Monitoring / 97k words / 380 pages
The Best of TaoSecurity Blog, Vol 1 / 84k words / 357 pages
The Best of TaoSecurity Blog, Vol 2 / 96k words / 429 pages
The Best of TaoSecurity Blog, Vol 3 / 89k words / 485 pages
The Best of TaoSecurity Blog, Vol 4 / 96k words / 429 pages
The total is 811k words and 3,330 pages.
Copyright 2003-2020 Richard Bejtlich and TaoSecurity ..read more
Tao Security
2y ago
Happy 20th birthday TaoSecurity Blog, born on 8 January 2003.
Thank you Blogger
Blogger (now part of Google) has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security content that was born at the same time, or earlier. Bruce Schneier's Schneier on Security is the main one that comes to mind. If not for the wonderful Internet Archive, many blogs from the early days would be lost.
Statistics
In my 15 year post I included some statistics, so here are a few, cur ..read more
Tao Security
2y ago
I am now using Mastodon as a replacement for the blue bird. This is my attempt to verify myself via my blog. I am no longer posting to my old bird account.
Copyright 2003-2020 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com ..read more