Firewall Wizards mailing list archives
Re: What exactly is a Sysamin/Security officers job
From: tlitney () kpmg com
Date: Wed, 10 Dec 1997 08:54:21 -0500
In a prior life I was a security engineer with a major west coast bank. One of my responsibilities was reading the firewall and bastion host logs. We used to try and follow up on every suspected intrusion attempt, even door knob rattling. I would track it back to the source, if possible. Then I would get the sysadmin on the phone and we would compare logs. If they saw the incident in their logs they would then usually do the right thing - deactivate the account until they could talk to the prep's mommy. It did take a lot of bandwidth, but I guess I agree with Frank, that it is important to follow up on everything. (Frank, hope I did not misrepresent your opinion) It lets the kiddies and the black hats know that big brother is watching and hopefully they go on to less vigilant targets. Yea, I did have contacts with the Feds, but in usually never got that far. Tom
Current thread:
- Re: What exactly is a Sysamin/Security officers job tlitney (Dec 11)