How to Cheat at Managing Information Security

The purpose of this chapter is to:
Provide details of tips and techniques
Provide a methodology for deploying an IDS
Provide a detailed approach for tuning an IDS
Provide a strategy for deploying an IDS
Intrusion detection systems (IDSes) are a form of monitoring. Another form of monitoring is open-source monitoring, whereby you scan newsgroups and forums for damaging information. Traditionally, a good pen tester or hacker will do this before every job; it s amazing how many administrators post configs to newsgroups, asking Why doesn t this work? just the in we re looking for.
Years ago, my team was doing a job for a large chemical company. The executives had some branded e-mail accounts on a dial-in basis, but the test was to see if the new corporate gateway was up to snuff.
But we hit a problem. The finance director (FD), our sponsor, a 55-year-old, silver-headed fossil, was advertising his services as a toy-boy. The evidence was clear: many postings from john.smith@acme-chemical.demon.co.uk, all offering male escort services.
I escalated it to a senior partner, since this was a problem well above my salary range. We were told to continue. Some time later, we were invited to present interim findings to the board. But it was a most extraordinary meeting.
The room collapsed with laughter when we retold the point about escort services. The FD s face, bright red with mock anger, bristled delightedly with each new jibe nobody had paid him this much attention in years. Lots of You re...