Article always refers to "server" in the singular:

    ...until what seemed like a network issue knocked it offline for several hours until its server restarted.

    Admins from the startup took a look at the running processes on the server, finding a foreign...

Etc.

Whilst log correlation does exist, I've generally seen this to be a hugely complex undertaking to set up, which may or may not assist. Usually in complex environments, no one knows the whole picture. There are app teams, DB teams, OS teams, network teams, security teams, even teams for each utility service (ESB, monitoring, AV, patching etc.), and thus it's very difficult to build a quick "after the fact" picture of what a server should look like.

Cheers
Ken

From: [email protected] [mailto:[email protected]] On Behalf Of Andrew S. Baker
Sent: Tuesday, 8 October 2013 2:51 AM
To: ntsysadm
Subject: Re: [NTSysADM] Vigilance and planning save the day

While the shop is a small one, it seems somewhat inconclusive to me that it is only a single server in the environment, vs. it being only one server that all that attacking was against.

Either way, larger environments have the benefit of log correlation solutions and a more extensive trail that can be made to get to the important systems. Size works against both parties.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...

On Sun, Oct 6, 2013 at 10:51 PM, Ken Schaefer <[email protected]> wrote:

Article implies they have all of one server...

Props to them for doing root cause analysis, but when you have that many eyes watching one box, then life's a lot easier than when you have 100+ boxes you need to watch.

Cheers
Ken

From: [email protected] [mailto:[email protected]] On Behalf Of Ziots, Edward
Sent: Friday, 4 October 2013 10:03 PM
To: [email protected]; COMPUTING
Subject: RE: [NTSysADM] Vigilance and planning save the day

Good article.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
Work: 401-255-2497

This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you.

From: [email protected] [mailto:[email protected]] On Behalf Of Andrew S. Baker
Sent: Thursday, October 03, 2013 6:44 PM
To: COMPUTING
Subject: [NTSysADM] Vigilance and planning save the day

Finally, a pretty good security incident response story...

http://www.zdnet.com/how-vigilance-saved-a-startup-from-a-sophisticated-robbery-7000021436/

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...

