From: InfoSec News (isn c4i.org)
Date: Fri Apr 19 2002 - 03:39:01 CDT
Forwarded from: rferrell texas.net
> Third, get the systems administrator to start looking at the logs
> that are generated by the system. These logs provide a wealth of
> information as to who logged in, when they did, for how much time,
> and how many "attempts" were tried to access the system via a user
> ID. You can pinpoint invalid and excessive attempts and shut that
> user ID down. You can also often tell where the access is
> originating. Many systems administrators either don't bother to look
> or have no idea where to look.
If your sysadmin isn't looking at logs every day, then you have no
sysadmin. A very large component of that job involves log reading,
and on a daily basis. Logs are the pulse of any computer, but doubly
so for a server, and triply so for a server connected to the Internet.
Every job has a set of minimum functional requirements, and reading
logs definitely falls within those for the systems administrator.
That's why (competent, meaningful) systems administration is a
full-time job in and of itself. Anyone who disagrees probably hasn't
tried to do it. It might profit anyone who falls into this category to
spend some quality time looking around at
As to the "50-90" day password change policy, I'd suggest that, while
it's better than no policy at all, it's not much better. Any password
on an Internet-connected system longer than two weeks makes me
nervous, although enforcing truly well-chosen ones makes longer change
intervals more tolerable.
Cheers,
RGF
Robert G. Ferrell
rferrell texas.net
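
The log review described in the quoted advice above, as an added example that is not part of the original post: it tallies failed logins per user ID and source address, and flags a successful login from a source that had already reached the failure threshold. The log lines are constructed, and the OpenSSH syslog format, the `review` function and the threshold of 3 are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH syslog format (not from the original post).
SAMPLE_LOG = """\
Apr 19 03:10:01 mail sshd[411]: Failed password for invalid user oracle from 203.0.113.7 port 4021 ssh2
Apr 19 03:10:04 mail sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2
Apr 19 03:10:07 mail sshd[412]: Failed password for root from 203.0.113.7 port 4023 ssh2
Apr 19 03:10:09 mail sshd[413]: Failed password for root from 203.0.113.7 port 4024 ssh2
Apr 19 08:02:11 mail sshd[590]: Failed password for alice from 198.51.100.20 port 3301 ssh2
Apr 19 08:02:19 mail sshd[590]: Accepted password for alice from 198.51.100.20 port 3301 ssh2
Apr 19 09:15:40 mail sshd[633]: Accepted password for root from 203.0.113.7 port 4100 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def review(log_text, threshold=3):
    """Summarise login activity; threshold is an assumed local policy value."""
    failures = Counter()            # failed attempts per user ID
    sources = defaultdict(Counter)  # user ID -> source address -> failed attempts
    invalid_users = set()           # attempted user IDs that do not exist
    suspect = []                    # success from a source already at the threshold
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a password login event
        user, src = m["user"], m["src"]
        if m["result"] == "Failed":
            failures[user] += 1
            sources[user][src] += 1
            if m["invalid"]:
                invalid_users.add(user)
        elif sources[user][src] >= threshold:
            suspect.append((user, src))
    excessive = {u: dict(sources[u]) for u, n in failures.items() if n >= threshold}
    return {"excessive": excessive, "invalid_users": sorted(invalid_users),
            "success_after_failures": suspect}

if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```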