
Tao Security
Richard Bejtlich's blog on digital security, strategic thought, and military history.
Tao Security
5M ago
In the fall of 1998 I joined the AFCERT. I became acquainted with the amazing book TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens. About a year later I exchanged emails with Mr. Stevens. Here is the last exchange, as forwarded from my AFCERT email address to my home email.
From "Capt Richard Bejtlich - Real Time Chief" Mon Sep 6 18:27:35 1999
X-Mozilla-Keys: ..read more
Tao Security
5M ago
I wrote this on 7 December 2018 but never published it until today. The following are the "key network questions" which "would answer many key questions about [a] network, without having to access a third party log repository. This data is derived from mining Zeek log data as it is created, rather than storing and querying Zeek logs in a third party repository."
This is how I was thinking about Zeek data in the second half of 2018.
1. What networking technologies are in use, over user-specified intervals?
   1. Enumerate non-IP protocols (IPv6, unusual Ethertypes)
..read more
Tao Security
5M ago
Cybersecurity is a social and policy problem, not a scientific or technical problem. Cybersecurity is also a wicked problem. In a landmark 1973 article, Dilemmas in a General Theory of Planning, urban planners Horst W. J. Rittel and Melvin M. Webber described wicked problems in these terms:
“The search for scientific bases for confronting problems of social policy is bound to fail, because of the nature of these problems. They are ‘wicked’ problems, whereas science has developed to deal with ‘tame’ problems. Policy problems cannot be definitively described. Moreover, in a pluralistic society ..read more
Tao Security
5M ago
I want to make a note of the numbers of words and pages in my core security writings.
The Tao of Network Security Monitoring / 236k words / 833 pages
Extrusion Detection / 113k words / 417 pages
The Practice of Network Security Monitoring / 97k words / 380 pages
The Best of TaoSecurity Blog, Vol 1 / 84k words / 357 pages
The Best of TaoSecurity Blog, Vol 2 / 96k words / 429 pages
The Best of TaoSecurity Blog, Vol 3 / 89k words / 485 pages
The Best of TaoSecurity Blog, Vol 4 / 96k words / 429 pages
The total is 811k words and 3,330 pages.
Copyright 2003-2020 Richard Bejtlich and TaoSecurity ..read more
Tao Security
11M ago
Happy 20th birthday TaoSecurity Blog, born on 8 January 2003.
Thank you Blogger
Blogger (now part of Google) has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security content that was born at the same time, or earlier. Bruce Schneier's Schneier on Security is the main one that comes to mind. If not for the wonderful Internet Archive, many blogs from the early days would be lost.
Statistics
In my 15 year post I included some statistics, so here are a few, cur ..read more
Tao Security
1y ago
I am now using Mastodon as a replacement for the blue bird. This is my attempt to verify myself via my blog. I am no longer posting to my old bird account.
Tao Security
1y ago
Over the weekend I organized some old computing equipment. I found this beauty in one of my boxes. It's a Netgear EN104TP hub. I've mentioned this device before, in this blog and my books. This sort of device was the last of the true hubs. In an age where cables seem reserved for data centers or industrial facilities, and wireless rules the home and office, this hub is a relic of days gone past.
To give you a sense of how old this device is, the Netgear documentation (still online -- well done) offers a PDF created in August 1998. (Again, well done Netgear, not mucking about with the ..read more
Tao Security
2y ago
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project.
Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.
I am especially pleased with Video 6 on monitoring wireless networks. It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot.
Please like and subscri ..read more
Tao Security
2y ago
I've completed the TaoSecurity Blog book series.
The new book is The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship.
It's available now for Kindle, and I'm working on the print edition.
I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up.
I described the new title thus:
Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich.
In the first three volumes of the series, Mr. Bejtlich selected and republished the very best ..read more
Tao Security
2y ago
What are the origins of the names TaoSecurity and the unit formerly known as TAO?
Introduction
I've been reading Nicole Perlroth's new book This Is How They Tell Me the World Ends. Her discussion of the group formerly known as Tailored Access Operations, or TAO, reminded me of a controversy that arose in the 2000s. I had heard through back channels that some members of that group were upset that I was operating using the name TaoSecurity. In the 2000s and early 2010s I taught classes under the TaoSecurity brand, and even ran TaoSecurity as a single-person consultancy from 2005-20 ..read more