r.fulton at auckland.ac.nz
Tue Feb 25 00:48:30 GMT 2003
On Sat, 2003-02-22 at 10:30, Larry Sheldon wrote:
> That is a fine strategy--as long the much maligned "techies" have no
> responsibilities either for assessing the extent of the damage, nor for
> preventing a recurrence.
I believe that the key thing is to make sure that the techies recognize
when they reach the point of diminishing returns. I firmly believe that
all break-ins need to be investigated so that we can find out if there
are systematic failures in our processes. That does not mean that one
should spend days tracking down every last file modified by a root kit
when the box is going to be cleaned anyway.
Like most things the best path lies somewhere in the middle...
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
"It aint necessarily so" - Gershwin
More information about the unisog