Reply to "OK... you wanted a Russia investigation, so DNC, start to cooperate"
[quote=Anonymous][quote=jsteele] You are completely contradicting yourself. You started a thread about the FBI being denied access to the DNC's server. When I explained that was not really a big deal, you went off in another direction about the need to investigate other devices, all of which are separate from the server. I can't believe that you actually wrote this: "You confiscate all the infrastructure at the same time for examination." So, you want the FBI to seize an email server, potentially one or more file servers, potentially an entire cloud service, a firewall, router, any number of switches, an IDS, and who knows what else? That would shut the DNC down. Is that your actual goal?

Moreover, firewalls and IDS and most security devices would be useless to investigate in themselves. What is actually important are the log files which are not stored on the devices themselves. Seizing a firewall would provide no benefit. You have pretty much given away the fact that you don't have a clue about what you are talking about and have never conducted an actual investigation into a network intrusion (or at least not a credible one). [/quote]

If it involves a nation-state as you assert, you have to be extremely thorough.

"Moreover, firewalls and IDS and most security devices would be useless to investigate in themselves."

No. How are you going to get the running configurations of the firewall and IDS from an audit log stored on another device? No. It doesn't dump its configuration to an audit log. That would be an OPSEC problem right there.

"Seizing a firewall would provide no benefit."

No. How do you know if the firewall was properly configured? ALLOW ALL ANY <---> ANY will invalidate just about any valid configuration of the best firewall. So will screwing around with the firmware of a firewall.

"What is actually important are the log files which are not stored on the devices themselves."

I want to see the routers themselves to see running configurations. Furthermore, how the hell do I know that logging is properly implemented on appliances around the DNC IT shop?

Jeff, you have pretty much given away the fact that you don't have a clue about what you are talking about and have never conducted an actual investigation into a network intrusion (or at least not a credible one).[/quote]