Incident Response Tools For Unix, Part One: System Tools
By Holt Sorensen
This article is the first in a three-part series on tools that are useful
during incident response and investigation after a compromise has occurred
on an OpenBSD, Linux, or Solaris system. This installment will focus on
sys
I'm not sure about OpenBSD but, I'm sure it's similar to Linux.
Under Linux you can set your firewall (iptables) to log through syslogd.
Syslogd can then be configured to forward to another machine.
Another option is to open an ssh connection from your logging machine to
each of your firewall m
A simple Perl script will dump a list of systems, and
then query each one to see if the user is logged in.
No need to purchase a product when you can do this for
free.
>I have never posted to this board, so hopefully I'm following the right
>procedures. My iss
Hello,
I was assigned to a mission to formulate a strategic IT information security
policy for the next 2-4 years for a big financial organization.
The policy will be presented to senior management in the format of:
Risk --> Alternatives --> Budget.
Wright, Bill wrote:
I have never posted to this board, so hopefully I'm following the right procedures.
Mostly. :-) (Hitting return every 75 characters or so is preferred.)
My issue is that a user's account keeps getting locked out due to an
aggressive password policy (30 days) and he claims tha
Look and see if there's a service running as his account, that is using
the old password. I had someone here that did that to me, and it was
definitely aggravating that the IDS kept reporting his account locking
out every day starting at the same time
Anybody remember the website that lists the websites that have been defaced?
I was a website that lists those that defaced websites and has an archive
of it.
Thanks
Jacob
I agree with John about centralization of the function, because any change to the
firewall(s) and other edge elements (external routers and switches as well as remote
access or vpn solutions) of corporate security should be a defined (written) process
of request and confirmation. Centralization
Dump your PDC logs using DumpEVT or similar. Search the log files for the
user's user name or by the MS Security Event Code. This will give you all of
the computer names that his account is trying to be accessed from. So in
other words you will locate HIS true machine, plus any machine that may
Hi all,
I'm sorry to post this little off-topic question but it's my last
resource I can rely on.
I need to monitor the bandwidth between 2 switches (Baystack 350-24T
with dual optical fiber exp port). I can see statistics for every port (1 to
26, including both fiber ports) when
Debbie,
It is very important that you are not the only person approving security
changes. The network and firewall people should also approve and signoff on
all changes. You need to make sure that everyone knows that you are not the
owner of *security*... the user/network/administrators are. Be ca
Do you know if he has hard booted his computer? As you are probably already
aware, if a user doesn't reboot from time to time, they may not get the
"your password will change..." messages.
Scott
From: "Wright, Bill" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Windows 2000 user login
Dat
Can't do that because we're 24-7. I was hoping there was some utility I could use to
automate it. Any other options or ideas?
Thanks,
Bill
-Original Message-
From: Nuzman [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 11:40 AM
To: Wright, Bill
Subject: Re: Windows 2000 user lo
--On Wednesday, March 26, 2003 1:16 PM -0500 "Wright, Bill"
<[EMAIL PROTECTED]> wrote:
I have never posted to this board, so hopefully I'm following the
right procedures. My issue is that a user's account keeps getting
locked out due to an aggressive password policy (30 days) and he
claims that
Maybe AuditGuard from S4software, it can consolidate logs from different *nix and has
nice report capabilities, is more oriented to set security, for FW maybe.
Javier Otero
Grupo Smartekh
Antivirus Expertos
Business Continuity
Inftegrity
5243-4782 al 84 Ext.300
México, D.F.
-Message
> I have never posted to this board, so hopefully I'm following the right
> procedures.
> My issue is that a user's account keeps getting locked out due to an
> aggressive password policy (30 days) and he claims that he isn't logged
> into multiple machines nor is he fat fingering his password. Is a
169.254.x.x is an APIPA address which is automatically assigned to an IP network stack
implementation (Microsoft Windoze for example) when the node in question is set to
automatically obtain a dynamically assigned (DHCP) IP address but is unable to contact
said DHCP server (for whatever reason) to o
Excel spreadsheet passwords can be easily unencrypted. There are
utilities out there that can do this for you in the click of a button.
Don't fall for that one.
Secondly, you must be careful when you deploy EFS. A must is to deploy
it only if it's domain wide. Otherwise it's not very secure. I rea