PaulDotCom mailing list archives
Critical Log Review Checklist
From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Tue, 9 Mar 2010 23:23:30 -0500
Thanks for the information. This is really useful. I do have a question about "#2: Copy log records to a single location where you will be able to review them." Is it best to collate all logs to one central location in the organization or to segment them per router segment? For example, all logs produced by devices in the DMZ would write to a dedicated log server in the DMZ. My concern is with allowing devices on outside segments to write to a machine inside your main organization. I know the risks are probably minimal if that is all you are allowing through (e.g. allow machine X.X.X.X in DMZ to write to port 514 of machine X.X.X.X in main segment), but I am a bit paranoid!

Thanks,

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Tim Mugherini
Sent: Tuesday, March 09, 2010 1:25 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Critical Log Review Checklist

Thank you to Lenny Zeltser

On 3/9/10, Robert Miller <arch3angel at gmail.com> wrote:
Here is a site that Bug_Bear linked to on Twitter and I thought others may find it useful as well! - Thanks Bug_Bear

http://zeltser.com/log-management/security-incident-log-review-checklist.html

- Robert (arch3angel)

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
--
Sent from my mobile device