Question!

Dec 26, 2007 09:47

This is directed at all of my haxor friends - I'm looking for a tool (preferably open-source) that will allow me to take emails generated by our firewalls full of logging information and put them in a repository or somesuch to make all this data useful - Right now I have to manually go through potentially hundreds of emails a day that mostly ...


domint December 26 2007, 18:22:50 UTC
Well, I've kind of tweaked things a little bit on these firewalls. I've got a config loaded that is properly emailing alerts separate from the usual log-rotate archive. Now the problem is I'm usually only getting 1 or 2 lines at a time w/ a warning or alert separate of the complete log - kind of hard to see trends build over time that way. And a lot of these alerts are just the usual dreck floating around the 'Net - invalid TCP SYN packets, the occasional port scan, etc.

Ideally I'm looking to build an archive of these sorts of things so I can see if there's specific hosts that are probing for vulnerabilities, or even worse engaging in a full-out attack. I've had my paranoia button hit a few times recently, and I'd like to ensure we're doing everything we can to keep our systems secure *before* we get hit with a lawsuit. Unfortunately, the standard practice here is to pay it no mind until it's a problem . . . we sell and install these very robust firewall/routers with a generic config loaded and then walk away and never look at them again . . . I don't think that's going to cut it when someone compromises one of our servers and runs off with critical data. I've already seen 2 systems get rooted and turned into spam zombies, and the only reason anyone here found out about it is because the client called and said "gee, the system performance has gone to crap over the past few weeks." Imagine what could have happened if the intruder was less concerned about spamming Viagra adverts and actually took a look through the server's contents - he could have potentially gotten away with a lot of sensitive data including bank account numbers and SSNs. And we would have never even noticed that anything was amiss.

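A starting point for the archive the comment describes, as an added example that is not from the original post or any tool it mentions: a short Python script that pulls the one- or two-line alerts out of mailed firewall notices, aggregates them per source host and per day, and flags hosts that keep coming back or trigger more than one kind of alert. The firewall names, addresses and syslog line format are constructed assumptions; in practice the raw messages would come from a mailbox such as `mailbox.mbox(path)`.

```python
import email
import re
from collections import Counter, defaultdict

# Constructed sample alert e-mails (hypothetical firewall names, RFC 5737
# documentation addresses). Each carries the one or two syslog lines the
# firewall mails out separately from the rotated log; one is a non-alert notice.
SAMPLE_EMAILS = [
    "Subject: [fw1] ALERT\n\n"
    "Dec 26 09:12:01 fw1 kernel: Invalid TCP SYN from 203.0.113.7:4122 to 198.51.100.2:80\n",
    "Subject: [fw1] ALERT\n\n"
    "Dec 26 09:15:44 fw1 kernel: Port scan from 203.0.113.7 (12 ports in 5s)\n"
    "Dec 26 09:15:45 fw1 kernel: Invalid TCP SYN from 203.0.113.7:4130 to 198.51.100.2:443\n",
    "Subject: [fw2] ALERT\n\n"
    "Dec 26 11:02:09 fw2 kernel: Invalid TCP SYN from 192.0.2.55:60211 to 198.51.100.9:25\n",
    "Subject: [fw1] NOTICE\n\n"
    "Dec 27 04:00:00 fw1 logrotate: rotated /var/log/messages\n",
    "Subject: [fw1] ALERT\n\n"
    "Dec 27 03:41:18 fw1 kernel: Port scan from 203.0.113.7 (40 ports in 3s)\n",
]

# Assumed syslog shape: "<Mon DD> <HH:MM:SS> <fw> <prog>: <kind> from <src>[:port] ..."
ALERT_RE = re.compile(
    r"^(?P<day>[A-Z][a-z]{2} +\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<fw>\S+) \S+: "
    r"(?P<kind>.+?) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_alert_mail(raw):
    """Return the alert records found in one raw e-mail (empty list if none)."""
    msg = email.message_from_string(raw)
    body = msg.get_payload()  # alerts are plain text, not multipart
    return [m.groupdict() for line in body.splitlines()
            if (m := ALERT_RE.match(line.strip()))]


def load_alerts(raw_mails):
    """Flatten a batch of alert e-mails into one list of alert records."""
    return [rec for raw in raw_mails for rec in parse_alert_mail(raw)]


def summarize(alerts, threshold=3):
    """Count alerts per source host and per day; flag hosts at or above the
    threshold, or that trigger more than one kind of alert (e.g. scan + SYN)."""
    per_src = Counter(a["src"] for a in alerts)
    kinds = defaultdict(set)
    for a in alerts:
        kinds[a["src"]].add(a["kind"])
    per_day = Counter(a["day"] for a in alerts)
    suspects = sorted(s for s, n in per_src.items() if n >= threshold or len(kinds[s]) > 1)
    return {"per_src": per_src, "kinds": dict(kinds), "per_day": per_day, "suspects": suspects}


if __name__ == "__main__":
    report = summarize(load_alerts(SAMPLE_EMAILS))
    for src in report["suspects"]:
        print(f"{src}: {report['per_src'][src]} alerts, kinds={sorted(report['kinds'][src])}")
```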


