One can always state: Let us put a box on site, and point all logging to 
it, and then the MSP is remotely connected to the box, and everything is 
nice and rosy.. Nope, there is authentication, encryption, blah, blah, 
etc., etc. A simple fingerprint scan that is somewhat successful can 
clearly identify the box, and any port that is open, and then attack 
it. Oops, just knocked some hybrid Unix box offline.. All the MSP NOC 
person sees is that they are no longer receiving alerts.

Reaction:
Call customer: "Hi so and so, this is MSP so and so, we are no longer 
receiving messages from our remotely managed box"
Customer: Am I vulnerable?
MSP rep: Unsure of the status, could you do the following....

Doesn't provide much confidence in my mind..

One doesn't need senior engineers available, one needs a better way of 
remotely recycling power.. :)

At 10:49 PM 6/27/2001 -0400, Len Rose wrote:
The answer to this has always been automation, whether it's automation
of log analysis, alarms/traps, and/or on the fly packet header monitoring.

When an alarm occurs, the SOC gets alerted and an escalation procedure
begins. This is standard practice. You don't have senior engineers monitoring
systems 24 x 7 but you damned well better have them available when something
real happens.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
