[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200308042203.h74M3br0013050@caligula.anu.edu.au>
From: avalon at caligula.anu.edu.au (Darren Reed)
Subject: Re: Reacting to a server compromise
Ok, you can have a go at Ron, I won't begrudge you that, but if you're
going to pick on someone who is trying to actively do something to address
something that is a real problem with system administration today then
unless you are being a part of solving something else (and are willing
to come out from behind your mask of anonymity) you've got no grounds
for belittling others who do.
In some mail from security snot, sie said:
>
> Tina Bird isn't much of a security expert, she's a belly dancer. What she
> likes to do is read generated logs (ie syslog and whatnot) and pretend
> that leaves sufficient information for a reliable audit trail.
That really doesn't do justive to what she's trying to achieve and I'm not
sure that generating a reliable audit trail is the primary focus of it.
The fundamental problem she's trying to address, at present, is the large
number of unfortunately disparate sources of log information that are
present in just as many formats. This is a real problem and it needs to
be addressed sooner, rather than later, primarily for the benefit of
systems administrators so they can get a clear understanding of what all
their systems are doing and in a concise manner rather than spending
time manually collecting information or piecing together scripts to try
and massage all the input correctly.
I don't think I've ever seen her portray herself as a security expert,
however, the topic of loging information collection, analysis and
management (which is what she is concerned about) does assist in
security matters when it comes to a post-mortem analysis of a system.
Under the right circumstances, generated logs can generate information
that can be considered relable and be used as part of an audit trail
but it's more involved than "see, this is my log." If you (or anyone
else) wants to know more, go get some lessons from a 'big 5' auditing
company or similar.
Maybe you should give your modem to your mommy, go back to your room
and ask your mommy to let you out when you can show the world you've
got more to offer than just petty insults.
Darren
Powered by blists - more mailing lists