Educause Security Discussion mailing list archives
Re: Compromised Accounts Procedures
From: Aaron Kirby <akirbyco () GMAIL COM>
Date: Wed, 23 May 2012 13:41:13 -0400
Good point. I would say that the compromised account could be a result of a compromised machine so it would seem to make sense not to decouple the process. On Wed, May 23, 2012 at 1:33 PM, Jacobson, Dick <dick.jacobson () ndus edu> wrote:
Might be a fine line but isn't a compromised account different than a compromised machine ? And probably necessitate a different remediation procedure ? -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Aaron Kirby Sent: Wednesday, May 23, 2012 12:22 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Compromised Accounts Procedures You could take a look at how Google is handling the DNS changer infections. http://krebsonsecurity.com/2012/05/google-to-warn-500000-of-dns-changer-infections/ On Wed, May 23, 2012 at 1:10 PM, Tonkin, Derek K. <Derek_Tonkin () baylor edu> wrote:I'm looking into doing this as well so I'd be interested in any templates others have developed as a jumping off point. -------------Baylor University------------- Derek Tonkin Information Security Analyst Information Technology Services - Security derek_tonkin () baylor edu 254-710-7061 ---------------Sic 'em Bears--------------- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Robert Meyers Sent: Wednesday, May 23, 2012 11:29 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Compromised Accounts Procedures Does anyone have a documented process, guidelines, or procedures taken when a user reports a compromised account? We are looking to create such documentation in order to establish consistency in our trouble ticket handling of such cases. Thanks in advance! Bob Robert E. Meyers, Ms.Ed. Manager, Security Awareness Information Security Services West Virginia University office: (304) 293-8502 remeyers () mail wvu edu
Current thread:
- IPv6 and DHCP Martin Manjak (May 10)
- Re: IPv6 and DHCP John Ladwig (May 10)
- Re: IPv6 and DHCP Kern, Paul (May 10)
- Re: IPv6 and DHCP John Hoffoss (May 23)
- Re: IPv6 and DHCP Phillip Deneault (May 23)
- Compromised Accounts Procedures Robert Meyers (May 23)
- Re: Compromised Accounts Procedures Tonkin, Derek K. (May 23)
- Re: Compromised Accounts Procedures Aaron Kirby (May 23)
- Re: Compromised Accounts Procedures Jacobson, Dick (May 23)
- Re: Compromised Accounts Procedures Aaron Kirby (May 23)
- Re: Compromised Accounts Procedures Robert Meyers (May 23)
- Re: Compromised Accounts Procedures Tonkin, Derek K. (May 23)
- Re: Compromised Accounts Procedures Rich Graves (May 23)
- Re: Compromised Accounts Procedures Bidwell, Lesley (May 23)
- Re: Compromised Accounts Procedures Pollock, Joseph (May 23)
- Re: Compromised Accounts Procedures Matthew Hodgett (May 23)
- Re: IPv6 and DHCP John Ladwig (May 10)
- Re: Compromised Accounts Procedures Rick Lesniak (May 23)
- Re: Compromised Accounts Procedures Steven Tardy (May 24)
- Re: Compromised Accounts Procedures Schoenefeld, Keith P. (May 24)
- Re: IPv6 and DHCP randy marchany (May 23)