Information Security News mailing list archives
Re: Security, Disaster Recovery Issues After Sept. 11
From: InfoSec News <isn () c4i org>
Date: Fri, 19 Apr 2002 03:39:01 -0500 (CDT)
Forwarded from: rferrell () texas net
Third, get the systems administrator to start looking at the logs that are generated by the system. These logs provide a wealth of information as to who logged in, when they did, for how much time, and how many "attempts" were tried to access the system via a user ID. You can pinpoint invalid and excessive attempts and shut that user ID down. You can also often tell where the access is originating. Many systems administrators either don't bother to look or have no idea where to look.
If your sysadmin isn't looking at logs every day, then you have no sysadmin. A very large component of that job involves log reading, and on a daily basis. Logs are the pulse of any computer, but doubly so for a server, and triply so for a server connected to the Internet. Every job has a set of minimum functional requirements, and reading logs definitely falls within those for the systems administrator. That's why (competent, meaningful) systems administration is a full-time job in and of itself. Anyone who disagrees probably hasn't tried to do it. It might profit anyone who falls into this category to spend some quality time looking around at http://www.usenix.org/sage/

As to the "50-90" day password change policy, I'd suggest that, while it's better than no policy at all, it's not much better. Any password on an Internet-connected system longer than two weeks makes me nervous, although enforcing truly well-chosen ones makes longer change intervals more tolerable.

Cheers,

RGF

Robert G. Ferrell
rferrell () texas net

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
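The log review described in the message above (failed attempts per user ID, invalid IDs, and where the attempts originate) can be sketched as follows. This is an added example, not part of the original post; the OpenSSH-style line format, the sample lines, the function name `review_auth_log` and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH sshd syslog style (not real log data).
SAMPLE_LOG = """\
Apr 19 02:11:07 host1 sshd[411]: Failed password for alice from 192.0.2.10 port 4021 ssh2
Apr 19 02:11:09 host1 sshd[411]: Failed password for alice from 192.0.2.10 port 4022 ssh2
Apr 19 02:11:12 host1 sshd[411]: Failed password for alice from 192.0.2.10 port 4023 ssh2
Apr 19 02:12:30 host1 sshd[415]: Failed password for invalid user oracle from 198.51.100.7 port 1188 ssh2
Apr 19 08:02:44 host1 sshd[502]: Accepted password for bob from 203.0.113.5 port 3300 ssh2
Apr 19 08:03:01 host1 sshd[509]: Failed password for bob from 203.0.113.5 port 3301 ssh2
"""

# Assumed line format: "<result> password for [invalid user ]<user> from <addr> port <n>"
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def review_auth_log(text, threshold=3):
    """Summarise failed logins per user ID and flag the ones worth a look."""
    failures = Counter()            # user ID -> number of failed attempts
    sources = defaultdict(set)      # user ID -> addresses the failures came from
    invalid_users = set()           # IDs sshd reported as not existing
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("result") != "Failed":
            continue                # unrelated line or a successful login
        user = m.group("user")
        failures[user] += 1
        sources[user].add(m.group("src"))
        if m.group("invalid"):
            invalid_users.add(user)
    # "Excessive" here means at least `threshold` failures for one user ID.
    excessive = sorted(u for u, n in failures.items() if n >= threshold)
    return {
        "failures": dict(failures),
        "sources": {u: sorted(s) for u, s in sources.items()},
        "invalid_users": sorted(invalid_users),
        "excessive": excessive,
    }

if __name__ == "__main__":
    report = review_auth_log(SAMPLE_LOG)
    for user in report["excessive"] + report["invalid_users"]:
        print(user, report["failures"][user], report["sources"][user])
```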