Forwarded from: rferrellat_private

> Third, get the systems administrator to start looking at the logs
> that are generated by the system. These logs provide a wealth of
> information as to who logged in, when they did, for how much time,
> and how many "attempts" were tried to access the system via a user
> ID. You can pinpoint invalid and excessive attempts and shut that
> user ID down. You can also often tell where the access is
> originating. Many systems administrators either don't bother to look
> or have no idea where to look.

If your sysadmin isn't looking at logs every day, then you have no sysadmin. A very large component of that job involves log reading, and on a daily basis. Logs are the pulse of any computer, but doubly so for a server, and triply so for a server connected to the Internet.

Every job has a set of minimum functional requirements, and reading logs definitely falls within those for the systems administrator. That's why (competent, meaningful) systems administration is a full-time job in and of itself. Anyone who disagrees probably hasn't tried to do it. It might profit anyone who falls into this category to spend some quality time looking around at http://www.usenix.org/sage/

As to the "50-90" day password change policy, I'd suggest that, while it's better than no policy at all, it's not much better. Any password on an Internet-connected system longer than two weeks makes me nervous, although enforcing truly well-chosen ones makes longer change intervals more tolerable.

Cheers,

RGF

Robert G. Ferrell
rferrellat_private

-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
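
The daily log review discussed in the message above, as an added example that is not part of the original post: a Python sketch that counts failed password attempts per user ID, records where they originated, and lists successful logins. It assumes OpenSSH sshd syslog lines; the sample log, the `review` function and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in OpenSSH sshd syslog format; host, users and IPs are made up.
SAMPLE_LOG = """\
Apr 18 02:11:04 www sshd[411]: Failed password for root from 203.0.113.9 port 4021 ssh2
Apr 18 02:11:07 www sshd[411]: Failed password for root from 203.0.113.9 port 4021 ssh2
Apr 18 02:11:09 www sshd[413]: Failed password for invalid user oracle from 203.0.113.9 port 4023 ssh2
Apr 18 02:11:12 www sshd[415]: Failed password for root from 198.51.100.77 port 1188 ssh2
Apr 18 08:59:41 www sshd[902]: Failed password for alice from 192.0.2.15 port 51020 ssh2
Apr 18 09:00:02 www sshd[902]: Accepted password for alice from 192.0.2.15 port 51020 ssh2
"""

EVENT = re.compile(
    r"^(?P<when>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def review(log_text, threshold=3):
    """Summarise who got in, failures per user ID, and where they came from."""
    failures = Counter()
    sources = defaultdict(set)
    unknown_ids = set()      # user IDs that do not exist on the system
    accepted = []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue         # not a password event; ignored in this sketch
        user, src = m["user"], m["src"]
        if m["result"] == "Accepted":
            accepted.append((m["when"], user, src))
            continue
        failures[user] += 1
        sources[user].add(src)
        if m["invalid"]:
            unknown_ids.add(user)
    # "Excessive" here means at least `threshold` failures (an assumed cut-off).
    excessive = sorted(u for u, n in failures.items() if n >= threshold)
    return {"failures": dict(failures),
            "sources": {u: sorted(s) for u, s in sources.items()},
            "unknown_ids": sorted(unknown_ids),
            "excessive": excessive, "accepted": accepted}

if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```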
This archive was generated by hypermail 2b30 : Fri Apr 19 2002 - 05:14:36 PDT