Re: [loganalysis] why read your logs?

From: Lance Spitzner (lanceat_private)
Date: Mon Sep 10 2001 - 23:13:28 PDT

    On Mon, 10 Sep 2001, Tina Bird wrote:
    > that ought to cause a bit of a rumpus.
    > i've been tasked with giving a presentation to a group
    > of manager types who do not have our understanding of the
    > importance of staffing for log monitoring.  i've got a
    > couple of analogies to use for them -- things like asking
    > how many of them balance their checkbooks or read their credit
    > card statements
    I would take a different approach.  Most people don't monitor
    logs because they simply believe that no one would want to scan,
    probe, attack them.  I love giving people the 'home user'
    challenge.  Owners who have dedicated connections to the net
    (Cable, DSL, etc), I challenge them to install a firewall
    for their desktop.  Without fail, they are always flabbergasted
    when the firewall reports people attacking them.  Why would
    someone want to attack my desktop?
    This always gets their attention.  If nothing else, monitor
    a desktop for a week before your presentation, then show the
    stats and attacks to your group.  Explain to them that if
    this is a simple home system, imagine what is happening to
    your network.  Then challenge them to try this at home.
    But, you ask, what happens if no one scans/attacks you?
    Not to worry, the blackhat community has yet to disappoint
    me :)
