Full Disclosure mailing list archives
Re: Re: Reacting to a server compromise
From: Darren Reed <avalon () caligula anu edu au>
Date: Tue, 5 Aug 2003 08:03:36 +1000 (Australia/ACT)
Ok, you can have a go at Ron, I won't begrudge you that, but if you're going to pick on someone who is trying to actively do something to address something that is a real problem with system administration today then unless you are being a part of solving something else (and are willing to come out from behind your mask of anonymity) you've got no grounds for belittling others who do.

In some mail from security snot, sie said:
Tina Bird isn't much of a security expert, she's a belly dancer. What she likes to do is read generated logs (ie syslog and whatnot) and pretend that leaves sufficient information for a reliable audit trail.
That really doesn't do justice to what she's trying to achieve and I'm not sure that generating a reliable audit trail is the primary focus of it.

The fundamental problem she's trying to address, at present, is the large number of unfortunately disparate sources of log information that are present in just as many formats. This is a real problem and it needs to be addressed sooner, rather than later, primarily for the benefit of systems administrators so they can get a clear understanding of what all their systems are doing and in a concise manner rather than spending time manually collecting information or piecing together scripts to try and massage all the input correctly.

I don't think I've ever seen her portray herself as a security expert, however, the topic of logging information collection, analysis and management (which is what she is concerned about) does assist in security matters when it comes to a post-mortem analysis of a system.

Under the right circumstances, generated logs can generate information that can be considered reliable and be used as part of an audit trail but it's more involved than "see, this is my log." If you (or anyone else) wants to know more, go get some lessons from a 'big 5' auditing company or similar.

Maybe you should give your modem to your mommy, go back to your room and ask your mommy to let you out when you can show the world you've got more to offer than just petty insults.

Darren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html