I would agree that having someone on your staff who knows security is important. But coming from the 'small shop' point of view, a good consultant who spends their time doing this type of thing is extremely valuable. They are simply better at it because they spend all their time doing it. After being compromised some time ago, we have established a relationship with a reliable, knowledgeable firm. We can turn to them for advice and analysis when I simply feel as though I'm in over my head.
josh

----- Original Message -----
From: "Patrick Orzechowski" <[EMAIL PROTECTED]>
To: "J" <[EMAIL PROTECTED]>
Cc: "'David Ng'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, October 25, 2001 11:59 AM
Subject: RE: Please assist, tracking or IDS options.

> JJ
>
> Humbly I would like to interject that a consultant cannot replace someone
> on your own staff that knows something about security....
>
> -pat
>
> On Wed, 24 Oct 2001, J wrote:
>
> > David:
> >
> > Seriously, your best bet may be an independent consultant. This is for a
> > variety of reasons:
> >
> > --) Independent consultant is not aware of any internal company
> > politics, so that's not a factor should you end up prosecuting the
> > offender;
> >
> > --) Consultant may have expertise in this area that you don't (evidence
> > collection.)
> >
> > --) Once job is done, consultant is done; you don't need to hire them.
> >
> > Lastly, breaching a computer system (in most cases) is a U.S. federal
> > offense. Your local law enforcement, or even the FBI, have teams of
> > people dedicated to this problem. You may want to work with them in
> > developing a method to catch the perp.
> >
> > Just my thoughts,
> >
> > JJ
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of David Ng
> > Sent: Tuesday, October 23, 2001 5:14 PM
> > To: [EMAIL PROTECTED]
> > Subject: Please assist, tracking or IDS options.
> > Importance: High
> >
> > Dear all,
> > We have an NT network that was hit the other day, in the sense that
> > it was remotely shut down by an individual somehow. The person might have
> > the passwords and also sound technical expertise in remote utilities. Is
> > there a way for me to trace where the traffic was coming from that day
> > and what IP address? Also, is there a way to automatically capture the
> > screen if it was remotely controlled?
> > Please advise, thanks in advance.
> >
> > Sincerely,
> >
> > David Ng
> >
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
