Well, after some false starts involving problems with London Underground's District Line, I made it to Olympia and to Infosec 2008. The event itself is a good one for picking up the latest trends in security and seeing a few demos of various products, and as always there was some good stuff to see there.
For example, Sophos have come on in leaps and bounds and I was most impressed with their new AV console. It can also do NAP (where a machine is quarantined until it meets specific criteria for patches and AV).
The Sophos solution also has a web-based applet which can be deployed to guest machines (i.e. visitors). The classic here was that the sales guy who was demonstrating it was telling me just how clean the solution was. "It uninstalls without a trace so we don't change a THING on the user's machine," he extolled. Hmm. But if it doesn't meet the policy then the remediation servers will be the only ones the user can see. This allows the user to update AV definitions and patches. Now, if we can't touch a visitor's machine then what's the point? It's a nice technology but worthless for that reason.
Guest machines should be in an isolated VLAN with only net access. They should not only be isolated from the production network but from each other as well.
The Microsoft seminar was superficial, but I did learn a few things about their NAT offering in Windows Server 2008, and it does look useful. Certainly on the "to test" list.
Overall, I came away from Infosec slightly underwhelmed. There didn't seem to be any new technologies or ideas that made me feel "yes, I like this. This is a good way forward". The last time I had that feeling was with Splunk.