"Devin L. Ganger" wrote:
> On Fri, May 25, 2001 at 02:13:14PM -0700, Eric Robinson wrote:
>
> > In an ideal world, I suppose we would have time to conduct an "exhaustive
> > forensic analysis" of each of the 9000+ affected systems.
>
> Nope. That's where the risk analysis comes in.
>
> "How much risk will I be at, versus the amount of labor invested?"
>
> Full analysis + actions indicated: low risk, extremely high labor.
> No analysis, rebuild system: low risk, moderate labor.
> Light analysis, plug holes: unknown risk, low labor.
Agreed.
No one mentioned products like Tripwire and other similar tools to report
modified files to reduce the risk further, and also reduce the labour somewhat.
> > We plugged the hole and moved on. Twenty days later, still no apparent
> > problem or strange activity on the server. No exhaustive analysis performed.
> > No hard drive reformatted. No time wasted.
>
> This time. Until the black hats get smarter than your instinct.
Yes, that's playing Russian roulette :)
I still think good security management can increase your chances of recovering
a compromised system quicker and more effectively. (Assuming properly done)
Prevention is better than cure! <tm>
Regards,
Chris.