Has anyone else seen a significant drop in virus counts from their email filter?  We had over 380 in November and December was at 25.  I have seen a trend from August with some decent drops but nothing as extreme as Decembers.  I guess one should be happy that there were almost no attempted attacks through email but I also don't want to find out our filter is not working properly.

As far as internal reports, everything is quiet.

Also if anyone has any decent trend resource sites to share, that would be great!

Good recap killjoy!  It was a great time, I can't wait for the next one and hope it is up my way, that 4 hour drive was rough!   But sooo worth it!!

It was tough trying to pick the talks.

Daemon was excellent!  Made me think wow!  this could actually be semi-plausible.  Well not all of it but the programming behind the original daemon.  Have a program constantly scouring the net for media related to ones own death and then have it trigger other programs based on conditions.  Wild stuff!! I can see how Freedom won't be as good but yeah I too need to read it just to find out what happened.

But yeah I hear you about needing the refresh.  My latest was a new job and the first official Security job. 

Welcome man!  its an exciting field to be in!  Demand for talented people is always increasing.  Good luck!!

honestly, WSUS isn't much to roll-out.  Install on server then you just configure the options for what software to download (Office, Windows, and other Microsoft Apps).  Then configure synchronization times, set your default listening ports.  It usually uses 443 and/or 80.  Unless it is on SBS.  After that you control the clients via GPO.  And even then it only tells them what to do.  They look at WSUS and either download, download and install or schedule install.  All controlled through GPO.  WSUS just gathers the updates so you don't have all your Windows machines trying to update at once.  You can configure auto-approve rules for critical and security and even designate what groups of computers you want.  But if the client systems are not updated with their Automatic Update engine, they will not communicate properly.  Luckily Microsoft has a few diagnostic tools to assist in troubleshooting.

Once it is in and running, it is pretty cut and dry.  But right now organization is key.  They have little documentation and what they do have it needs severe updating.  So first things first, straighten everything out!  you can't protect it if you don't know it exists.

Thanks Mallaigh.  I've worked with WSUS for a bit.  Found it to be useful half the time   Mostly found that if there was an update to the updater, it would cause problems.  So one of the solutions we are implementing is a method to force updates using a management appliance. 

Unfortunately the previous admins have left the AD in shambles, so I recommended we straighten that out before we worry about why some machines don't always update.  My idea is, can't patch it if we don't know if it really exists.

I am looking forward to our new patch management appliance.  I'm hoping it works a bit faster at discovery than a GFI scan/assessment.

I'm registered for this and coming in from CT.  This will be my first one.

Thanks man!  Looking forward to the adventure.

So last time I posted I had started a new consulting gig.  Well the honeymoon ended and I realized it was going to be a dead end.  Spent more time worrying about billable hours than actually concentrating on work and study topics.  Luckily a job posting came up from a recruiter friend of mine.  The job was for a Network Security Admin.  After reviewing the position I thought to myself, wow I actually have most of these skills for a change.  And figured what the hell! 

So the recruiter helped me get my resume much more beefy looking so it actually reflected my abilities better.  Next thing I know they bring me in for the first interview.  Cool part was they accommodated my work schedule so I didn't need to take any time off.  Infrastructure manager liked me and I got the call for a second right away.  Again they accommodated my schedule.  The recruiter was also feeling very positive about it.  After another week or 2 I get the offer.  As a bonus it was more than I was asking for.  I didn't want to be too greedy with my first official Info Sec job. 

So here I am 2 weeks into the job, well 3 but again they accommodated me by allowing me to take time off for a pre-scheduled wedding trip for a good friend of mine.  My current duties, for now, revolve around Patch Management and Anti-virus management.  Might seem like a glorified Sys Admin but for one very little if any desktop work, and two, lots of room to grow the duty list.  The team is cool as well and all pretty knowledgeable. 

After talking with a friend of mine, he told me I was heading into Information Assurance.  That led me to GIAC and GCWN.  So my current path will be to obtain GCWN.  New boss said he will approve SANS SEC505 for next year's budget.  Its nice having a boss that says "go pick a training course."  So for now its back on my MCITP track, then GCWN.  After that I may go back to CCNA.  Eventually I would like to pick up the CISSP.  They seem to be very supportive for education so why not take advantage? 

I would welcome any advice from anyone in this area of expertise.  I think my biggest hurdle will be getting a good patch management policy and procedure in place.  We have a virtual lab for testing, but I don't think they use it very often. 

Sorry about the length of this

hmmm I try that Delusion but trying to fold my legs in this computer chair is difficult  

Focus is certainly tough, specially when you have a new job where you get to be the VMware guy.  So yeah the new place I am at has tagged me as the VMware/Virtualization guy.  So far I got ourselves the pro partnership and one of the senior engineers recommended I put the MCITP track on hold and get my VCP.  Thankfully the VCP requires you to take the course before you can take the test.  But now I have to yet again change focus, luckily VCP is one test.  Unfortunately my dinky Dell server cannot run ESX, stupid SATA controller, suppose I could invest in a better RAID controller and toss in some new drives.

Ah well, at least this company sees my worth a bit better than my old one and there is still the opportunity to get in on some audits and security assessments.  Need more hours in the day!

The more popular the site, the more asshats you get.  Then like some have said, you tend to filter some decent folk out of the influx and get some great contributors.  Take the bad with the good.

So would it be unethical to set up a reverse honeypot of sorts and send the kiddies who want to hack myspace and such there?  Tell them the answers they seek are found down the deep scary tunnel and that there is candy at the end??

hmmm probably is. 

Thanks n1p!  I'll have a look.

Worked like a champ.  Now just need to get some sites to test against.  Was at work so didn't want to tempt fate too much.  Also made sure I did some snapshots before running it.  newb question, what else should I do to harden the system?  I switched my main user to a normal user, renamed the admin account and made sure everything had a password.  Also have some AV on it.  Threw on MS Security Essentials since its free and it would be interesting to see how it works.  Think I will mess with it more over the weekend.

Couple weeks ago I saw a post about Fireshark from the EU Blackhat conference.  Has anyone else took a look at it?  Current release is beta (fireshark.org) and documentation is lacking until the developer posts it.

Anyway, just wonder if anyone else has given it a shot.  I tossed mine on a VM of XP SP3 w/ latest Firefox and can't for the life of me figure out how to get it to run.  Mainly where to put the data file.  Directions state "Home Directory."

Also if anyone has gotten it to run, got any fun recommendations of suspicious sites to run it against?

Thanks!

I was almost interested when I saw the subject line.  I haven't been around all that much, but I have run other types of forums and when you are a newbie on the forum, you really need to watch how you behave.  Seems the BillV offered his recommendations.  You (OP) could have simply noted and watched the forum for other suggestions. 

Frankly it sounds like you want to start a cyber-vigilante group.  My concern with this would be what happens when you happen across a would be scammer site that may be watched by a legitimate group and you can end up getting into a sticky situation. 

Or do you want to start a hacker-space?  Like others have said there are probably a number of groups doing similar things.  Why reinvent the wheel?  As for the "business plan"  well it doesn't hurt.  Every club out there has a mission that is stated.  This allows the group to keep focused and know the direction they want to go.  It also allows them to build on that mission and develop more complex goals.

Besides there is a big enough group here, I'm sure someone has something going on that they wouldn't mind some additional assistance.