Yes and tripwire for monitoring
Sonja Robinson, CISA
Network Security Analyst
HIP Health Plans
Office: 212-806-4125
Pager: 8884238615
-Original Message-
From: NR [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 6:22 AM
To: [EMAIL PROTECTED]
Subject: Securing IIS Server
Larson [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2003 3:42 PM
To: Robinson, Sonja; 'NC Agent'; [EMAIL PROTECTED]
Subject: RE: Digital Evidence Question - What is an effective Windows hard
-disk search tool?
Sonja,
I would be very interested (actually, surprised) if any software tool could
, 2003 3:32 PM
To: Robinson, Sonja; 'NC Agent'; [EMAIL PROTECTED]
Subject: RE: Digital Evidence Question - What is an effective Windows hard
-disk search tool?
Sonja,
I respectfully take issue with only one statement: A wipe to DoD specs (7
or more passes - 31 recommended now) would make data
dtSearch will work well for this
-Original Message-
From: Cosentino, Guilherme V. [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 4:52 PM
To: [EMAIL PROTECTED] Com (E-Mail)
this, sorry.
In any event it is nice to share all of the potential ways to recover lost
data for varying technical capabilities. The more avenues you have the more
chances you might have to recover something even if it is only bits and
pieces.
-Original Message-
From: Robinson, Sonja [mailto
, 2003 6:43 PM
To: Robinson, Sonja; 'Wilcox, Stephen'; [EMAIL PROTECTED];
'Gene LeDuc'
Subject: RE: Digital Evidence Question - What is an effective Windows hard
-disk search tool?
Sonja,
That is so far from correct. With R-Studio $79
(http://www.r-tt.com/RStudio.shtml ), you can repartition
are
always put out.
-Original Message-
From: dave klimen [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 21, 2003 6:43 PM
To: Robinson, Sonja; 'Wilcox, Stephen'; [EMAIL PROTECTED
If you reformatted, don't waste your money on any product; your stuff is
gone and the $75 tool isn't going to help you. Forensics tools aren't going
to help you. Your only hope is something like Ontrack and that will cost
you. Even if you could recover some of the information from free
properly. I was wondering if anyone has/knows of one. Looking to recover
my office files - *.xls, *.pst file and *.doc files.
Stephen
-Original Message-
From: Robinson, Sonja [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 10:54 AM
To: Robinson, Sonja; 'marcus peddle'; [EMAIL PROTECTED]
Subject: RE: Digital Evidence Question - What is an effective Windows hard
-disk search tool?
I was a bit rushed yesterday, sorry
-Original Message-
From: Robinson, Sonja
Sent: Tuesday, June 17, 2003 3:17 PM
To: 'marcus peddle'; [EMAIL PROTECTED]
Subject: RE: Digital Evidence Question - What is an effective Windows hard
-disk
You're looking for something that does DoD specs, 31x write; try Maresware
Declasfy, BCWipe, etc. There are a number of tools. Make sure that it goes
past the EOF flag at the end of the drive. And the LE most likely used
EnCase or FTK. What he did was not magic, it's called forensics. Files
The sender did not indicate that this was spam or otherwise innocuous e-mail,
chain mail, etc. The sender indicated possible life-threatening content, which is
extremely serious.
I realise that you can't always trace someone, but most of the time you can,
and most users are not savvy enough to go through a
1. Save the e-mail in all its entirety. Make sure ALL headers are saved.
2. Perform header traceback as far as possible, ensuring that the e-mail
address is not spoofed. If it is, trace back to the proper ISP.
3. Once this is performed take it to the users local/county PD and have
them subpoena the
There are some interesting ideas and solutions depending upon your specific
situation. I really like some of the ideas that are being presented. Each
one has pros and cons and needs to be evaluated based on your environment
and your need. VPN is all well and good for your major business partners
Good point starting with Export laws and attorneys. US is pretty strict
about what you can export and to whom as far as encryption goes.
Also in the US, there are some pretty strange state laws or potential state
laws that may or may not prohibit encryption, i.e. the Texas and
Massachusetts
We evaluated three enterprise solutions and bid them out. I believe that
once e-mail leaves your network using Exchange it is automatically sent in
clear text, hence the need for encryption. I am not an Exchange
administrator so... And if you are sending PHI or GLBA data I would send it in no
less than
Dump your PDC logs using DumpEVT or similar. Search the log files for the
user's username or by the MS Security Event Code. This will give you all of
the computer names that his account is trying to be accessed from. So in
other words you will locate HIS true machine, plus any machine that may
Thought this link might help for the HIPAA Implementation timetable:
http://www.hipaadvisory.com/regs/compliancecal.htm
If they are just thinking about it now they're in some serious trouble.
You've got until April 16th to basically comply or chance being fined
heavily at a minimum and $20K is just for starters. If they comply with ISO
17799 then they should be relatively OK EXCEPT where they are dealing with
PHI
As a side to calling in Law Enforcement, normally you have to already have
your case and prove a loss (felony loss) so document all of your costs
(human, resource, downtime, etc.). I believe in calling in LE's when
required and I think that more companies should prosecute offenders instead
of
In any event a BITSTREAM copy should be taken of any drive prior to analysis
if that is possible. There are times when it is not. Harlan has some good
points on processes, services and the like. You want to document those
before you take down a machine (workstation or server) anyway if you are
That's it??? Arguments can be made for changing passwords from between 30
and 90 days. Each argument has valid points which I will not elaborate on
again since it's been beaten to death. 30 to 90 is fine but you need to
make sure there is complexity involved. The harder the complexity the
Htcia.org - has lots of links there.
There really aren't certifications per se unless you're in LE and then you
can take one or two certifications. Forensics training classes are
available through Guidance Software, Access Data and NTI among others. You
must meet certain, stringent requirements
since it
covers server workstation configs as well.
-Original Message-
From: Robinson, Sonja
Sent: Friday, December 27, 2002 2:33 PM
To: 'John Smithson'; '[EMAIL PROTECTED]';
'[EMAIL PROTECTED]'
Subject: RE: Incident Response Guidelines
After preparing numerous incident response teams and plans, may I make the
following suggestions (which of course will be liked by some and not by
others):
Incident Response does not have to be a HUGE project. Think of it as a
process and a workflow. How do I get notified, who gets notified,
-Original Message-
From: Sinha, Amitabh (Amit) [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 09, 2002 11:21 AM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Cc: jon kintner; Rick Darsey;
[EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Providing Visitor Access
NetStumbler and WEPCrack are two programs to use to sniff and crack your
wireless network. You might pick up your neighbor's wireless; that's a risk,
but better them than you. Hopefully they will have tuned down their
broadcast range, but probably not. Hopefully their SSID is not default and
is
the secondary
IPSec it is seamless and disables the first, but re-enables the first after
shutting down the secondary program
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 22, 2002 5:34 AM
To: Robinson, Sonja; 'Chris Martin'; Brian Bettger
Cc
Absolutely not. Any Internet-based IM goes out of your network and across
the Internet. BAD, BAD, BAD. Now, there are some NEW products that allow
for INTERNAL IM: AOL, Honey-something I think, and MS to name a few. This we
are investigating. Also, it allows for a direct connection between the
802.11b, which is used by current wireless devices, is inherently insecure and
WEP is NOT secure. It is imperative that you use a VPN to secure any
transmissions. Also, make sure that all defaults are turned off/changed and
lock down the SSID as much as possible. That is, unless you want to be war