[Dshield] IH Policy for third party webhosts?

warwick ackfin warwick7th at gmail.com
Mon Mar 14 14:00:56 GMT 2005


I have a situation where a client's website and web applications are
hosted by a third party in another country.  Recently they have
experienced prolonged unscheduled downtime and the webhost is telling me
that there was an attack of some sort but will not go into further
detail.

This isn't your regular webhost and my client has a contract with
certain expectations wired into it.  Unfortunately, the contract is
devoid of any incident handling measures expected of the webhost such
as sharing of log information and attack characteristics.

Has anyone out there found themselves in the same nightmarish
predicament?  If so, what types of things did you include in the
policy?

I want to be mindful of the webhost's security posture and the need to
protect their own perimeter.  I know I can't ask for all the IDS /
Firewall logs but I should be able to request grepped logs pertaining
to my client's environment, right?

....and for the record...the idea of halting the SANS practicals is a
very VERY bad one...

http://www.giac.org/practicals/termination.php

--Warwick


