Re: [ISN] Security, Disaster Recovery Issues After Sept. 11

From: InfoSec News (isnat_private)
Date: Fri Apr 19 2002 - 01:39:01 PDT

    Forwarded from: rferrellat_private
    
    > Third, get the systems administrator to start looking at the logs
    > that are generated by the system. These logs provide a wealth of
    > information as to who logged in, when they did, for how much time,
    > and how many "attempts" were tried to access the system via a user
    > ID. You can pinpoint invalid and excessive attempts and shut that
    > user ID down. You can also often tell where the access is
    > originating. Many systems administrators either don't bother to look
    > or have no idea where to look.
    
    If your sysadmin isn't looking at logs every day, then you have no
    sysadmin.  A very large component of that job involves log reading,
    and on a daily basis.  Logs are the pulse of any computer, but doubly
    so for a server, and triply so for a server connected to the Internet.  
    Every job has a set of minimum functional requirements, and reading
    logs definitely falls within those for the systems administrator.
     
    
    That's why (competent, meaningful) systems administration is a
    full-time job in and of itself. Anyone who disagrees probably hasn't
    tried to do it. It might profit anyone who falls into this category to
    spend some quality time looking around at
    
    http://www.usenix.org/sage/
    
    As to the "50-90" day password change policy, I'd suggest that, while
    it's better than no policy at all, it's not much better.  Any password
    on an Internet-connected system longer than two weeks makes me
    nervous, although enforcing truly well-chosen ones makes longer change
    intervals more tolerable.
    
    Cheers,
    
    RGF
    
    Robert G. Ferrell
    rferrellat_private
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
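
The log review described in the quoted paragraph (failed attempts per user ID, and where they originate), as an added example that is not part of the original message. It assumes OpenSSH sshd password-auth lines in syslog format; the sample lines are constructed and the threshold of 3 is an arbitrary choice.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (not from the original post).
SAMPLE_LOG = """\
Apr 19 01:02:11 host sshd[411]: Failed password for root from 203.0.113.5 port 4021 ssh2
Apr 19 01:02:14 host sshd[411]: Failed password for root from 203.0.113.5 port 4022 ssh2
Apr 19 01:02:19 host sshd[411]: Failed password for root from 203.0.113.5 port 4023 ssh2
Apr 19 01:02:25 host sshd[415]: Failed password for root from 198.51.100.7 port 5110 ssh2
Apr 19 01:03:02 host sshd[420]: Failed password for invalid user oracle from 203.0.113.5 port 4030 ssh2
Apr 19 08:15:40 host sshd[502]: Failed password for alice from 192.0.2.10 port 50100 ssh2
Apr 19 08:15:52 host sshd[502]: Accepted password for alice from 192.0.2.10 port 50100 ssh2
"""

LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return (excessive, invalid_ids, accepted) from sshd password-auth lines."""
    failures = defaultdict(Counter)  # existing user ID -> failures per source address
    invalid_ids = defaultdict(set)   # nonexistent user ID -> sources that tried it
    accepted = []                    # (user, source) for each successful login
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue
        user, src = m["user"], m["src"]
        if m["result"] == "Accepted":
            accepted.append((user, src))
        elif m["invalid"]:
            invalid_ids[user].add(src)
        else:
            failures[user][src] += 1
    # Keep only user IDs whose total failures reach the threshold (assumed value).
    excessive = {u: dict(c) for u, c in failures.items()
                 if sum(c.values()) >= threshold}
    return excessive, dict(invalid_ids), accepted

if __name__ == "__main__":
    excessive, invalid_ids, accepted = summarize(SAMPLE_LOG)
    for user, sources in excessive.items():
        print(f"excessive failures for {user}: {sources}")
    for user, sources in invalid_ids.items():
        print(f"attempt on nonexistent ID {user} from {sorted(sources)}")
    for user, src in accepted:
        print(f"login ok: {user} from {src}")
```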
    



    This archive was generated by hypermail 2b30 : Fri Apr 19 2002 - 05:14:36 PDT