harnold at binghamton.edu
Mon Feb 24 18:26:16 GMT 2003
Perhaps, but some of us have budgets and are short of staff. In a perfect
world it would be nice to have the time to investigate. We try to get
services back as soon as possible.
From: Mike Stanley [mailto:mikestanley at utk.edu]
Sent: Monday, February 24, 2003 12:30 PM
To: unisog at sans.org
Subject: Re: [unisog] justification
On Friday, February 21, 2003, at 11:50 AM, Mitch Collinsworth wrote:
> If this is the report I'm thinking of, we had a presentation here a
> few months ago by someone who was directly involved in the project
> that produced that report. Sorry, don't remember her name just now.
> Her conclusion though was that the really costly incidents were the
> ones where the techies got interested in "what happened here?" and
> spent lots of time analyzing the exploit, forensics, et al. Secondary
> conclusion: if you want to save $$ don't do this; when a system is
> cracked, wipe, reinstall, get back to business, let it go.
> Not saying I fully endorse this strategy, though it's obvious how this
> conclusion can easily be reached. Just reporting what I heard.
Sounds like an amazingly short-sighted, almost Microsoftian solution.
"Oh, your machine isn't working right? Format, reinstall Windows, and
everything is all better again."
"Oh, your student information server was hacked? Ah well, wipe,
reinstall, apply the patch de jour and hope it doesn't happen again."
Mike Stanley, MCSE
mikestanley at utk.edu
OIT Lab Services
More information about the unisog