Firewall Wizards mailing list archives
Re: What exactly is a sysadmin/security officers job
From: Adam Shostack <adam () homeport org>
Date: Tue, 9 Dec 1997 03:07:52 -0500 (EST)
When an intrusion occurs, you hope like hell it's not on a production system with costs in the millions per minute of downtime. (There are lots of these at financial institutions.) If it is, you audit the hell out of the transactions it's generating. If it's not, you backtrace the connection, close down the access point, and then do cleanup.

Sometimes you let the police or CERT know, but they tend to be bloody unhelpful. Actually tracking someone to the source is still fairly rare, and many organizations don't want the negative publicity associated with a break-in. Until we de-stigmatize being broken into, we don't begin to solve the problems. Remember that less than 1% of attacks on DOD systems were detected and reported. We're not addressing the issues right.

Adam

Jim Leo wrote:
| I've really enjoyed the Out-sourcing vs In-house debate thus far.
| However, I'm curious, just exactly what do most of the
| list-subscribers do when an attempt at intrusion occurs? Exactly what
| is classified as an intrusion? Does using any one of the numerous
| scanning tools out there (asmodeous, ISS, strobe, etc) constitute an
| intrusion attempt, or just 'knob twiddling'? How does one deal with
| it? And yes I know about management policy, I'm curious just what
| others are doing in the security arena.
| Jim Leo
| admin () everett pitt cc nc us

--
"It is seldom that liberty of any kind is lost all at once." -Hume