Richard Bejtlich's blog on digital security, strategic thought, and military history.
What Are Normal Users Supposed to Do with IDS Alerts from Network Gear?

Probably once a week, I see posts like this in the r/Ubiquiti subreddit. Ubiquiti makes network gear that includes an "IDS/IPS" feature. I own some older Ubiquiti gear so I am familiar with the product. When you enable this feature, you get alerts like this one, posted by a Redditor: This is everything you get from Ubiquiti.  The Redditor is concerned...

Fri Oct 11, 2024 21:01
My First Book is 20 Years Old Today

On this day in 2004, Addison-Wesley/Pearson published my first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection. This post from 2017 explains the differences between my first four books and why I wrote Tao. Today, I'm always thrilled when I hear that someone found my books useful. I am done writing books on security, but I believe...

Mon Jul 15, 2024 16:00
Retrieving Deleted Files on the Commodore C64 in 1987

When I was a sophomore in high school, from 1987 to 1988, my friend Paul and I had Commodore C64 computers. There was a new graphical user interface called GEOS that had transformed the way we interacted with our computers. We used the C64 to play games but also write papers for school. One day Paul called me. He was clearly troubled. He had somehow...

Wed May 29, 2024 21:43
My Last Email with W. Richard Stevens

In the fall of 1998 I joined the AFCERT. I became acquainted with the amazing book TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens. About a year later I exchanged emails with Mr. Stevens. Here is the last exchange, as forwarded from my AFCERT email address to my home email. From "Capt Richard Bejtlich - Real Time Chief" Mon Sep  6...

Sun Jun 25, 2023 22:01
Bejtlich Skills and Interest Radar from July 2005

This is unusual. I found this "skills and interest radar" diagram I created in July 2005. It looks like my attempt to capture and prioritize technical interests. At the time I was about to start consulting on my own, IIRC. Copyright 2003-2020 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Sun Jun 25, 2023 21:36
Key Network Questions

I wrote this on 7 December 2018 but never published it until today. The following are the "key network questions" which "would answer many key questions about [a] network, without having to access a third party log repository. This data is derived from mining Zeek log data as it is created, rather than storing and querying Zeek logs in a third party...

Sun Jun 25, 2023 19:23
