Firewall Wizards mailing list archives

Re: What exactly is a Sysadmin/Security officer's job


From: tlitney () kpmg com
Date: Wed, 10 Dec 1997 08:54:21 -0500

     
     In a prior life I was a security engineer with a major west coast 
     bank.  One of my responsibilities was reading the firewall and bastion 
     host logs.  We used to try and follow up on every suspected intrusion 
     attempt, even door knob rattling.  I would track it back to the 
     source, if possible.  Then I would get the sysadmin on the phone and 
     we would compare logs.  If they saw the incident in their logs they 
     would then usually do the right thing - deactivate the account until 
     they could talk to the perp's mommy.  It did take a lot of bandwidth, 
     but I guess I agree with Frank, that it is important to follow up on 
     everything. (Frank, hope I did not misrepresent your opinion)  It lets 
     the kiddies and the black hats know that big brother is watching and 
     hopefully they go on to less vigilant targets.  Yeah, I did have 
     contacts with the Feds, but it usually never got that far.
     
                                  Tom   


