Hello everyone!

I have a difficult issue...  I am a sysadmin and the one and only IT person for a 
small organization.  I have attended SANS courses and have listened to 
pauldotcom for years now.  I have been learning a lot in the area of network 
security, but I need to fill a crucial gap in my knowledge.

Here's the scenario:

I review my logs daily and started noticing some strange things.  For example, 
an "IP Spoof" with an internal IP address talking to my VoIP server.  I see 
port scans coming from a Facebook domain that are obviously apps.

I see things that alarm me; however, I don't know how to verify the validity of 
what I'm seeing.  I know that sometimes you can get false positives and 
sometimes an all-in-one IDS/IPS/firewall can get it wrong.  I'm feeling a bit 
lost!  I know that I can expect port scanning and I tend to ignore it.  But 
some of the other things I'm seeing just leave me very nervous...

I'm doing my best and as far as I can tell it's been working well, but there 
has to be a good training course or two that I can take that will teach me how 
to identify this stuff quicker and more easily.

Do you just learn this stuff as you go?  Is experience the key?

If anyone has advice I'd appreciate it!  I can't be the first or only person to 
reach this point....

Thanks!

Shaun Curry
_______________________________________________
Pauldotcom mailing list
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com