Full Disclosure mailing list archives
RE: [inbox] Re: Reacting to a server compromise
From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 4 Aug 2003 15:39:04 -0500 (CDT)
HIPAA has made it a new world. The attorneys are already salivating and trying to dig up any potential "victims" they can find, look to Arizona as an example. Since this box was used to attacke doctor's records, there is a good chance it's tracks will be found. This guys got two options, either don't touch the box, play dumb, and hope the cracker doesn't know how to cover his tracks (unlikely), or dd the drive, take the box offline (in that order in case it has a smart-bomb planted), and notify notify notify. We are instituting IDS and logging systems for healthcare customers every day and are finding attacks that they would not have even guessed at a year ago. By law they must keep their logs three years, plenty of time for even scumbag lawyers to find it. If you have done due diligence, you will be a sitting duck.
HIPAA compliance is much more then logging and IDS. But, I trust that this is not the limit of the services DP Solutions provides in such cases. Of course HIPAA is not a "new world" thing, but, rather a compliance issue for a new class of users and data. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Reacting to a server compromise Mark (Aug 01)
- Re: Reacting to a server compromise Peter Busser (Aug 02)
- RE: Reacting to a server compromise Wayne Chang (Aug 02)
- Re: Reacting to a server compromise SecuresDotComs (Aug 02)
- RE: Reacting to a server compromise Edward W. Ray (Aug 02)
- Re: Reacting to a server compromise Aron Nimzovitch (Aug 03)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 04)
- RE: [inbox] Re: Reacting to a server compromise Ron DuFresne (Aug 04)
- RE: Reacting to a server compromise Edward W. Ray (Aug 02)
- <Possible follow-ups>
- Re: Reacting to a server compromise Jennifer Bradley (Aug 02)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 03)
- RE: [inbox] Re: Reacting to a server compromise Michal Zalewski (Aug 03)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 04)
- RE: [inbox] Re: Reacting to a server compromise Michal Zalewski (Aug 05)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 05)
- RE: [inbox] Re: Reacting to a server compromise Bojan Zdrnja (Aug 06)
- RE: [inbox] Re: Reacting to a server compromise Michal Zalewski (Aug 06)
- Re: [inbox] Re: Reacting to a server compromise Valdis . Kletnieks (Aug 05)
- RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 03)