Thanks for the information. This is really useful. I do have a question about "#2: Copy log records to a single location where you will be able to review them." Is it best to collate all logs to one central location in the organization, or to segment them per router segment? For example, all logs produced by devices in the DMZ would write to a dedicated log server in the DMZ. My concern is with allowing devices on outside segments to write to a machine inside your main organization. I know the risks are probably minimal if that is all you are allowing through (e.g. allow machine X.X.X.X in the DMZ to write to port 514 of machine X.X.X.X in the main segment), but I am a bit paranoid!
Thanks,

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Tim Mugherini
Sent: Tuesday, March 09, 2010 1:25 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Critical Log Review Checklist

Thank you to Lenny Zeltser

On 3/9/10, Robert Miller <[email protected]> wrote:
> Here is a site that Bug_Bear linked to on Twitter and I thought others
> may find it useful as well! - Thanks Bug_Bear
>
> http://zeltser.com/log-management/security-incident-log-review-checklist.html
>
> - Robert
> (arch3angel)
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

--
Sent from my mobile device
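The question above is about letting a DMZ host write syslog to port 514 on an internal collector while exposing as little as possible. The following is an added illustration, not code from the thread or from the checklist it links to: a minimal UDP syslog collector that accepts datagrams only from an allowlist of DMZ source addresses, validates the RFC 3164 `<PRI>` header, and neutralises embedded line breaks so a forwarded record cannot be split into forged entries. The addresses, hostnames and log lines are constructed for the example; `serve()` is the only part that touches the network and is not needed to exercise the logic.

```python
import ipaddress
import re
import socket
from dataclasses import dataclass

# RFC 3164 framing: "<PRI>" followed by the rest of the record.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
MAX_PRI = 191          # facility 23, severity 7
MAX_BODY = 2048        # cap record size before it reaches disk


@dataclass
class Record:
    sender: str
    facility: int
    severity: int
    message: str


class SyslogCollector:
    """Collector for the internal log server (hypothetical example class).

    Only datagrams from the allowlisted DMZ hosts or networks are kept; every
    other source is counted in `rejected` and dropped without parsing."""

    def __init__(self, allowed_senders):
        # Constructed allowlist, e.g. ["192.0.2.10", "192.0.2.0/28"].
        self.allowed = [ipaddress.ip_network(n, strict=False) for n in allowed_senders]
        self.records = []
        self.rejected = 0

    def sender_permitted(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self.allowed)

    def handle(self, addr, data):
        """Validate one datagram; return the stored Record or None if dropped."""
        if not self.sender_permitted(addr):
            self.rejected += 1
            return None
        text = data.decode("utf-8", errors="replace")
        m = PRI_RE.match(text)
        if not m or int(m.group(1)) > MAX_PRI:
            self.rejected += 1
            return None
        facility, severity = divmod(int(m.group(1)), 8)
        # Replace CR/LF and other control characters with spaces so that a
        # single datagram can never appear as two records in the store.
        body = "".join(ch if ch.isprintable() else " " for ch in m.group(2))
        rec = Record(addr, facility, severity, body.strip()[:MAX_BODY])
        self.records.append(rec)
        return rec

    def serve(self, bind_addr="0.0.0.0", port=514):
        """Blocking UDP loop; binding 514 needs elevated privileges."""
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind((bind_addr, port))
        while True:
            data, (addr, _) = sock.recvfrom(65535)
            self.handle(addr, data)


if __name__ == "__main__":
    c = SyslogCollector(["192.0.2.10"])           # the one permitted DMZ host
    c.handle("192.0.2.10", b"<34>Mar  9 13:25:00 dmzweb sshd[412]: Failed password for root")
    c.handle("198.51.100.7", b"<34>Mar  9 13:25:01 rogue sshd[1]: hello")   # not allowlisted
    for r in c.records:
        print(r)
    print("rejected:", c.rejected)
```

The allowlist does the same job as the firewall rule the question describes, but on the collector itself, so a second layer remains if the firewall rule is ever loosened. The control-character substitution matters because a collector that stores raw datagrams lets any permitted host inject newline-separated text that later reads as separate, unrelated log lines during review.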
