On Tue, Jan 09, 2018 at 04:24:50PM +0000, Dave Osbourne wrote:
>
> Ah - I looked at that (ipset) - didn't even know it existed...!!
>
> I'm getting a lot of resistance from our outsourced IT supplier on this...
> the excuses are variously:
>
> * block based on SRCIP being in <insert unfriendly state here> or

Can do that, if you are sure to never get a customer from there. More
complementary, not a replacement measure.

> * why don't you migrate to Office365 or

Or use icloud. Blonde is actually a state of mind, and makes the world a
much easier place. Next round you'll be talking religious arguments
("I believe this will..." completely lacking undermining facts)

> * don't worry if you patch regularly and have a good passwd policy then just
> let the traffic come

Again, a complementary thing. Don't rely on a single measure alone; if you
notice an IP banging at you with a dozen failed logins a second, why not
block it automatically for some time? Helps a bit with the noise in the
logs, and the length of that queue is a bit of a script kiddie fever curve.

>
> Does *anyone* have some kind of a reference or best practice for this, or
> their own motivation even?

Easy, cheap, helps. For more fundamental arguments, see relevant literature
(Schneier et al.)

> I feel the resistance I'm getting (not from the list) is through a lack of
> awareness by IT professionals... this seems like such an obvious thing to
> do, yet 3 IT support companies I've spoken to don't seem keen....

Sometimes people just are not interested in things they can't monetise
within 3 months..

Bye,
	Joerg
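Added example, not part of the original message or written by its author: a sketch of the "dozen failed logins a second, block it for some time" idea, turning failed-login log lines into ipset entries that expire on their own. The log line format, the set name `login_block`, the 600-second timeout and the sample lines are all assumptions constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Hypothetical log line format, constructed for this example.
LINE_RE = re.compile(r"^(\S+) auth failed user=\S+ rip=(\S+)$")

# Constructed sample: one noisy source, one slow source, one malformed address.
SAMPLE = [f"2018-01-09T16:24:50.{i:02d}0000 auth failed user=admin rip=203.0.113.7"
          for i in range(12)]
SAMPLE += [f"2018-01-09T16:2{i}:00 auth failed user=bob rip=198.51.100.20"
           for i in range(3)]
SAMPLE += ["2018-01-09T16:24:51 auth failed user=x rip=203.0.113.9;x"]

def find_offenders(lines, threshold=12, window=timedelta(seconds=1)):
    """IPs with >= threshold failures in a sliding window (lines in time order)."""
    recent = defaultdict(deque)
    offenders = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group(1))
            addr = ip_address(m.group(2))
        except ValueError:
            continue  # malformed field: never let it reach an ipset command
        if addr.version != 4:
            continue  # the hash:ip set below is IPv4 (family inet) by default
        q = recent[str(addr)]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # forget failures that fell out of the window
        if len(q) >= threshold and str(addr) not in offenders:
            offenders.append(str(addr))
    return offenders

def ipset_commands(offenders, set_name="login_block", timeout=600, allow=()):
    """Commands for a self-expiring block; `allow` holds IPs never to block."""
    cmds = [f"ipset create {set_name} hash:ip timeout {timeout} -exist"]
    cmds += [f"ipset add {set_name} {ip} timeout {timeout} -exist"
             for ip in offenders if ip not in allow]
    return cmds

if __name__ == "__main__":
    print("\n".join(ipset_commands(find_offenders(SAMPLE))))
```

The set only has an effect once a firewall rule references it, for example an iptables rule using `-m set --match-set login_block src`.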