ISO Update by Steve Scott

Recognized Wayne Bradford (CHPC) - he does a great job of looking at his logs and sends info to ISO. He gets movie tickets.

Security Awareness: vulnerability researcher (last month) wanted to publish a new browser vulnerability for every day of the month. See www.browserfun.blogspot.com.

Log Management: critical process that most of us overlook more than we should. SANS has identified 5 different log events you should look for: see www.chrisbrenton.org/log-summit/Top5LogReports_4C.pdf. They are:

- Attempts to gain access through existing accounts
- Failed File or Resource Access Attempts
- Unauthorized Changes to Users, Groups and Services
- Systems most vulnerable to attack
- Suspicious or unauthorized network traffic patterns

Reminder: make sure all your machines that are submitting logs are synchronized to the same time source (suggests the campus time server).

Loganalysis.org and www.ossec.net are both good websites/tools for reading logs.

Campus is looking at centralized log management - would start with OIT and then spread it out. It will take a while, but we'll get there.
Publisher
Multimedia Center, Marriott Library
Type
Image
Format
video/mp4
Language
eng
Rights Management
Digital version copyright 2007, University of Utah. All rights reserved.
Holding Institution
Multimedia Center, Marriott Library, University of Utah