harnold at binghamton.edu
Tue Feb 25 20:10:21 GMT 2003
See my other post dated today.
From: Steve VanDevender [mailto:stevev at darkwing.uoregon.edu]
Sent: Monday, February 24, 2003 2:13 PM
To: unisog at sans.org
Subject: RE: [unisog] justification
Arnold, Jamie writes:
> Perhaps, but some of us have budgets and are short of staff. In a
perfect > world it would be nice to have the time to investigate. We try
to get > services back as soon as possible.
While there are tradeoffs for the amount of time you want to spend figuring
out why something broke compared to the amount of time you want to spend
getting it to work again, not having any idea why it broke means you
probably won't fix it the right way. In the case of problems resulting from
security breaches, if you don't figure out how you got broken into, how are
you going to know that your freshly reinstalled system won't be vulnerable
to exactly the same problem that brought it down in the first place? You
may actually spend less time and money investigating and finding the right
fix than you will just mindlessly reinstalling and rebooting.
More information about the unisog