[389] in Intrusion Detection Systems
Re: I got an intruder ...
daemon@ATHENA.MIT.EDU (Joseph Seanor)
Thu Nov 16 01:48:16 1995
Date: Wed, 15 Nov 1995 10:54:15 -0800 (PST)
From: Joseph Seanor <cibir@netcom.com>
To: ids@uow.edu.au
Cc: ids@uow.edu.au
In-Reply-To: <9510098159.AA815954412@smtp.bnr.com>
Reply-To: ids@uow.edu.au

After reading this current thread I wanted to make a reply to the group.

A number of people have had a problem with tracking down the intruders;
this is not always a problem. I am a Private Investigator who
specializes in Computer Crime cases and have had a great deal of success
tracking down intruders and plugging system holes that were used.

The real problem that I have run into is how far is the victim willing to
go with the case? Sometimes all they want to do is stop the intruder,
others want to take them to court, and others just want to call the
person on the phone and say "Gotcha!"

If anyone is having such a problem, here is some basic advice that can
help you:

1. Ensure that you have a statement at signon saying "This
   system is for use by authorized individuals only.....the system monitors
   any suspected illegal access...."
2. Capture ALL activity of the intruder.
3. Save TWO copies of the logs, one should be completely
   untouched, while the second can be viewed or printed.

Just my two cents on the subject.

Joseph Seanor
CIBIR Corporation
cibir@netcom.com
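
Added example, not part of the original message: one way to carry out item 3 of the advice above, keeping an untouched read-only copy of a log beside a working copy and recording a hash so that any later change to the untouched copy can be detected. The use of SHA-256, the pristine/ and working/ directory names and the MANIFEST.sha256 file name are assumptions of this example.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST = "MANIFEST.sha256"  # assumed name for the hash record


def sha256_file(path):
    """Hash a file in chunks so large logs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_log(src, evidence_dir):
    """Make a read-only pristine copy and a working copy; record the hash."""
    src, evidence_dir = Path(src), Path(evidence_dir)
    pristine = evidence_dir / "pristine" / src.name
    working = evidence_dir / "working" / src.name
    if pristine.exists():
        raise FileExistsError(f"refusing to overwrite {pristine}")
    digest = sha256_file(src)
    for copy in (pristine, working):
        copy.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, copy)  # copy2 keeps the original timestamps
        if sha256_file(copy) != digest:
            raise OSError(f"copy of {src} does not match the source")
    os.chmod(pristine, 0o400)  # untouched copy: owner read-only
    with open(evidence_dir / MANIFEST, "a") as f:
        f.write(f"{digest}  {src.name}\n")
    return digest


def changed_pristine(evidence_dir):
    """Return names of pristine copies that no longer match the manifest."""
    root = Path(evidence_dir)
    entries = (l.split("  ", 1) for l in (root / MANIFEST).read_text().splitlines())
    return [n for d, n in entries if sha256_file(root / "pristine" / n) != d]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "login.log"
        log.write_text("Nov 15 10:02:11 host login: user1 on ttyp3\n")  # constructed
        print(preserve_log(log, Path(tmp) / "case"), changed_pristine(Path(tmp) / "case"))
```

Only the working copy is opened for viewing or printing; the manifest is best kept on separate media from the copies it describes.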