Security Incidents mailing list archives
Re: Incident investigation methodologies
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Wed, 09 Jun 2004 13:58:48 -0400
Harlan Carvey wrote:
> As do I. And I also think that it would greatly benefit the community, by moving us beyond the stagnation faced by phrases like "...but a hacker could...". Some small degree of paranoia...perhaps "caution" is a better term...is necessary in the security profession, as no one person can know everything there is to know. However, many of us working together can know quite a lot...
I think that the "paranoia" point of discussion is quite interesting. Let me first start by saying that I agree completely with the majority of the points you've made here, Harlan.

The fact of the matter is that if we don't create a trusted incident response methodology, we're looking at a future of constantly second-guessing our own systems. Computer science is just that: science, not mysticism. As such, there is always a logical progression.

However, I think that the "paranoia" argument is largely dependent on the audience of the argument. If I say to you (or, vice versa) that a black hat COULD trojan a copy of netstat.exe, it doesn't have the same connotation as if I said that to an end user. The assumption, I believe, is that saying this to a security professional carries with it the assumption that that security professional will understand that this doesn't mean that it has been trojaned nor that it is even likely, just that it could and does happen.

Now, whether everyone on this list is a security professional is another discussion altogether, and not one that I intend on joining into. :)

-Barry