Information Security News mailing list archives

Re: Security, Disaster Recovery Issues After Sept. 11


From: InfoSec News <isn () c4i org>
Date: Fri, 19 Apr 2002 03:39:01 -0500 (CDT)

Forwarded from: rferrell () texas net

Third, get the systems administrator to start looking at the logs
that are generated by the system. These logs provide a wealth of
information as to who logged in, when they did, for how much time,
and how many "attempts" were tried to access the system via a user
ID. You can pinpoint invalid and excessive attempts and shut that
user ID down. You can also often tell where the access is
originating. Many systems administrators either don't bother to look
or have no idea where to look.

If your sysadmin isn't looking at logs every day, then you have no
sysadmin.  A very large component of that job involves log reading,
and on a daily basis.  Logs are the pulse of any computer, but doubly
so for a server, and triply so for a server connected to the Internet.  
Every job has a set of minimum functional requirements, and reading
logs definitely falls within those for the systems administrator.
 

That's why (competent, meaningful) systems administration is a
full-time job in and of itself. Anyone who disagrees probably hasn't
tried to do it. It might profit anyone who falls into this category to
spend some quality time looking around at

http://www.usenix.org/sage/

As to the "50-90" day password change policy, I'd suggest that, while
it's better than no policy at all, it's not much better.  Any password
on an Internet-connected system longer than two weeks makes me
nervous, although enforcing truly well-chosen ones makes longer change
intervals more tolerable.

Cheers,

RGF

Robert G. Ferrell
rferrell () texas net



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
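
The log review described in the post above (failed attempts per user ID, and where they originate), as an added example that is not part of the original message. It assumes OpenSSH-style sshd syslog lines; the sample lines, the `summarize` helper and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the OpenSSH sshd syslog style (not from the post).
SAMPLE_LOG = """\
Apr 19 02:10:01 host sshd[311]: Failed password for root from 203.0.113.5 port 4101 ssh2
Apr 19 02:10:03 host sshd[311]: Failed password for root from 203.0.113.5 port 4102 ssh2
Apr 19 02:10:05 host sshd[312]: Failed password for root from 203.0.113.5 port 4103 ssh2
Apr 19 02:10:09 host sshd[313]: Failed password for invalid user oracle from 203.0.113.5 port 4104 ssh2
Apr 19 08:01:44 host sshd[400]: Failed password for alice from 198.51.100.7 port 5000 ssh2
Apr 19 08:01:52 host sshd[400]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def summarize(log_text, max_failures=3):
    """Count failed attempts per user ID, record sources, flag excessive ones."""
    failures = Counter()          # user ID -> number of failed attempts
    sources = defaultdict(set)    # user ID -> source addresses of failures
    invalid_users = set()         # user IDs that do not exist on the host
    successes = []                # (user, source) for accepted logins
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd password event
        user, src = m["user"], m["src"]
        if m["result"] == "Accepted":
            successes.append((user, src))
            continue
        failures[user] += 1
        sources[user].add(src)
        if m["invalid"]:
            invalid_users.add(user)
    # User IDs at or over the threshold are candidates for lockout or review.
    excessive = sorted(u for u, n in failures.items() if n >= max_failures)
    return {
        "failures": dict(failures),
        "sources": {u: sorted(s) for u, s in sources.items()},
        "invalid_users": sorted(invalid_users),
        "excessive": excessive,
        "successes": successes,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```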

