Toggle navigation
Toggle navigation
Home
DCUM Forums
Nanny Forums
Events
About DCUM
Advertising
Search
Recent Topics
Hottest Topics
FAQs and Guidelines
Privacy Policy
Your current identity is: Anonymous
Login
Preview
Subject:
Forum Index
»
Political Discussion
Reply to "OK... you wanted a Russia investigation, so DNC, start to cooperate"
Subject:
Emoticons
More smilies
Text Color:
Default
Dark Red
Red
Orange
Brown
Yellow
Green
Olive
Cyan
Blue
Dark Blue
Violet
White
Black
Font:
Very Small
Small
Normal
Big
Giant
Close Marks
[quote=jsteele][quote=Anonymous] "Moreover, firewalls and IDS and most security devices would be useless to investigate in themselves." No. How are you going to get the running configurations of the firewall and IDS from an audit log stored on another device? No. It doesn't dump it's configuration to an audit log. That would be an OPSEC problem right there. [/quote] I'm going to take the time to expose your cluelessness line by line. The current configuration of firewalls and IDSs is of no concern. What matters is the configuration at the time of the intrusion. Even those configurations are not actually that important since they can be deduced from the traffic logs. At any rate, normal procedure is to keep backups of configurations. Among other things, that helps when you need to roll back to an earlier configuration. Again, having the physical device is of no help and seizing such devices and removing them from the DNC's network would be very problematic, probably causing the network to cease functioning. [quote=Anonymous] "Seizing a firewall would provide no benefit. " No. How do you know if the firewall was properly configured? ALLOW ALL ANY <---> ANY will invalidate just about any valid configuration of the best firewall. So will screwing around with the firmware of a firewall. .[/quote] That can be easily determined from the traffic log. Have you actually ever administered a firewall? [quote=Anonymous] "What is actually important are the log files which are not stored on the devices themselves." I want to see the routers themselves to see running configurations. Furthermore, how the hell do I know that logging is properly implemented on appliances around the DNC IT shop? [/quote] The running config can be provided without having to provide the physical device. If logging was not properly implemented, that will be revealed by the logs themselves. Similar to my question above, have you ever administered a firewall? [quote=Anonymous] Jeff, you have pretty much given away the fact that you don't have a clue about what you are talking anout and have never conducted an actual investigation into a network intrusion (or least not a credible one).[/quote] Wrong. I worked as a network security engineer in a government facility for several years during which time I conducted multiple investigations of network intrusions (even one originating from Russia). I have years of experience administering routers, firewalls, IDSs, and other network security devices. I had a CISSP certification, though I haven't bothered to renew it since becoming self-employed. [/quote]
Options
Disable HTML in this message
Disable BB Code in this message
Disable smilies in this message
Review message
Search
Recent Topics
Hottest Topics
