Re: your mail

John-David Childs (jdc@ism.net)
Mon, 20 Nov 1995 11:37:00 -0700 (MST)

On Fri, 17 Nov 1995, Max Heffler wrote:

> > When joining the list I ask you to briefly introduce yourself,
> 
> I never did this when I joined the list many months ago.

Neither did I.

For many years, I built a reputation (whether tis good or bad remains to be 
seen :-) "cracking" into systems which I shouldn't have had access to (the 
machines were in work environments and/or were cracked by permission with 
results given to responsible parties).

Now, I am the System Administrator for Internet Services Montana in 
Missoula, MT.  Despite running various free "attack checkers" posted by 
members of this and other lists as well as using my previous cracking 
experience, we were recently bitten by what I believe to be the 
syslog bug (we were hit before my vendor came out with a patch...and I 
don't have source code...and I missed one of the programs which uses 
syslog...and I was very grumpy!)

As far as I can tell, the attackers left nothing more than a calling card 
in my logfile (for which I was grateful...I wouldn't have known it 
otherwise).  I still reinstalled everything from the original CD and 
restored user files after checking for insecurities.

The users on my system will tell you that I'm nothing short of rabid 
about security...logging just about everything that's legal to log.
Unfortunately, I haven't developed a good system of analyzing these log 
files except through scripts to check for certain key words and/or 
egregious discrepancies in the network (e.g. the number of ICMP redirects 
jumps by more than X%).  It seems that a majority of freeware/shareware 
log analyzers are written for SunOS/SVR4 (and also a predominant number 
of known security bugs :-( but I don't have one (I'm using a BSD 4.4 
variant).  Anyone with any suggestions for a good log analyzer?

There isn't a lot of "stuff" on our system which would attract 
crackers/hackers, thus I see no real need for things like Secure-ID or 
system-wide encryption. I have a packet-level firewall in place.  However, 
I am considering employing Kerberos authentication.

My question to the group is this:  if my customer travels to a remote 
location which doesn't use Kerberos, what happens?  Can they still get in 
using alternate methods?  I want to secure my system, but not make it 
incredibly inconvenient.
--

John-David Childs                http://www.ism.net/~jdc
Information Systems Tech         University of Montana-Missoula (406)243-2321
System Administrator             Internet Services Montana (406)542-0838
"I used up all my sick days...   so I'm calling in dead"
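The message above describes two home-grown log checks: grepping for key words, and flagging when a network counter such as the number of ICMP redirects jumps by more than some percentage. The following is an added example, not code from the original message or its author, showing both checks over a handful of constructed syslog lines. It assumes plain BSD-style syslog timestamps ("Mon DD HH:MM:SS"), buckets counts by hour, and treats the key word list, the redirect message text and the 100% threshold as illustrative choices.

```python
"""Toy log triage: key-word scan plus a rate-jump check on ICMP redirects."""
import re
from collections import OrderedDict

# Constructed sample syslog lines (made up for this example, not real logs).
SAMPLE_LOG = """\
Nov 20 10:01:12 hostA login: ROOT LOGIN REFUSED ON ttyp2 FROM 10.0.0.5
Nov 20 10:02:40 hostA sendmail[211]: accepted connection from 10.0.0.9
Nov 20 10:03:01 hostA kernel: icmp: redirect from 10.0.0.1 to 10.0.0.7
Nov 20 10:03:05 hostA kernel: icmp: redirect from 10.0.0.1 to 10.0.0.8
Nov 20 11:00:02 hostA su: BAD SU jdoe to root on ttyp1
Nov 20 11:04:10 hostA kernel: icmp: redirect from 10.0.0.1 to 10.0.0.7
Nov 20 11:05:00 hostA kernel: icmp: redirect from 10.0.0.1 to 10.0.0.9
Nov 20 11:05:30 hostA kernel: icmp: redirect from 10.0.0.1 to 10.0.0.10
Nov 20 11:06:00 hostA kernel: icmp: redirect from 10.0.0.1 to 10.0.0.11
Nov 20 11:06:30 hostA kernel: icmp: redirect from 10.0.0.1 to 10.0.0.12
Nov 20 12:10:00 hostA kernel: icmp: redirect from 10.0.0.1 to 10.0.0.7
Nov 20 13:00:01 hostA cron[300]: (root) CMD (/usr/libexec/atrun)
Nov 20 14:02:00 hostA kernel: icmp: redirect from 10.0.0.1 to 10.0.0.8
"""

# Key words an admin might grep for (illustrative list); any match is reported verbatim.
KEYWORDS = ("REFUSED", "BAD SU")

# syslog timestamp "Mon DD HH:MM:SS"; we keep "Mon DD HH" as the hour bucket.
_TS_RE = re.compile(r"^(\w{3} +\d{1,2} \d{2}):\d{2}:\d{2} ")
# Assumed wording of the kernel's redirect message; adjust to your own syslog.
_REDIRECT_RE = re.compile(r"icmp: redirect from ")


def keyword_hits(lines, keywords=KEYWORDS):
    """Return (line_number, line) for every line containing a key word (case-insensitive)."""
    lowered = [k.lower() for k in keywords]
    return [(n, ln) for n, ln in enumerate(lines, 1)
            if any(k in ln.lower() for k in lowered)]


def redirects_per_hour(lines):
    """Count ICMP redirect messages per hour bucket, in log order.

    Every hour that appears in the log gets a bucket, so a quiet hour is
    recorded as 0 rather than silently disappearing from the comparison.
    """
    buckets = OrderedDict()
    for ln in lines:
        m = _TS_RE.match(ln)
        if not m:
            continue  # not a syslog line we understand; skip it
        hour = m.group(1)
        buckets.setdefault(hour, 0)
        if _REDIRECT_RE.search(ln):
            buckets[hour] += 1
    return buckets


def jump_alerts(buckets, threshold_pct):
    """Flag hours whose redirect count rose by more than threshold_pct over the previous hour.

    A rise from 0 to anything nonzero is reported with pct=None: the percentage
    is undefined, but that change is exactly what an admin wants to see.
    """
    alerts = []
    prev = None
    for hour, count in buckets.items():
        if prev is not None and count > prev[1]:
            if prev[1] == 0:
                alerts.append((hour, prev[1], count, None))
            else:
                pct = (count - prev[1]) * 100.0 / prev[1]
                if pct > threshold_pct:
                    alerts.append((hour, prev[1], count, pct))
        prev = (hour, count)
    return alerts


def triage(log_text, threshold_pct=100.0):
    """Run both checks over a block of log text and return the findings."""
    lines = log_text.splitlines()
    return {"keywords": keyword_hits(lines),
            "jumps": jump_alerts(redirects_per_hour(lines), threshold_pct)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for n, ln in report["keywords"]:
        print(f"KEYWORD line {n}: {ln}")
    for hour, before, after, pct in report["jumps"]:
        shown = "from zero" if pct is None else f"+{pct:.0f}%"
        print(f"JUMP {hour}: ICMP redirects {before} -> {after} ({shown})")
```

On the sample, the key-word scan reports the refused root login and the failed su, and the jump check flags the 10-to-11 o'clock rise (2 to 5 redirects, +150%) as well as the 13-to-14 o'clock rise from zero. The threshold is deliberately a ratio against the previous hour, which is what a percentage rule like "jumps by more than X%" means; in practice you would compare against a longer baseline so one quiet hour does not make the next ordinary hour look alarming.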