Proactive Log Review Might Be A Good Idea

Proactive Log Review Might Be A Good Idea(securityblog.verizonbusiness.com)

69 points by pcj 13 years ago | 13 comments

darkarmani 13 years ago |

Increase his salary by 2x and demand 5x work output from him. Let him scale it up and manage his foreign workers.

malbs 13 years ago |

Pro-active log review is a good idea. No argument. I'd been incredibly lazy about log reviews on my two vps's. I started looking through the logs weekly and was incredibly freaked out by what I saw. There are almost constant attacks on the machines (obviously script kiddies), and it was just my initial setup of the linux environment that probably saved me (ssh key based auth, basic iptables, fail2ban etc). It's kind of like when I installed a security camera at the back door of my house (we'd been robbed a couple of times) - it was a pandoras box, prior to the camera going in I was under the illusion that no one ever ventured on to the property. Once the camera went in, I discovered it wasn't a rare event. Same with log reviews, once you start looking, you find attacks are common, and it's actually incredibly unnerving.

Web server logs are another example, once you have a publicly accessible website, you'll see thousands of requests just trolling for phpmyadmin installs, versions of php forum software, known exploitable cgi scripts. I certainly felt better about it when I was ignorant of what was going on with my servers!

However, the example the author provided seems a little far fetched though? Could someone seriously pull this off?

Seems like a house of cards that would fall down the first moment he was required to talk with a colleague about some bit of code he'd committed to source control, he'd have to be a pretty good liar.

pplante 13 years ago | |

Well he could have reviewed the code on a daily basis. He wasn't doing much else with his time. I bet it would take only a few minutes to glance through the code to get enough of an idea what had been worked on. If he was ever asked, he could just push off for a few hours so he could review the code in depth.

He also likely had to keep tabs on the Chinese consultancy to make sure they were producing the work for him.

BryantD 13 years ago |

Google cache: http://webcache.googleusercontent.com/search?q=cache:EGh4ld_...

kylemaxwell 13 years ago | |

Thanks for noticing the site is down! I'm working on it now.

BryantD 13 years ago | | |

No problem!

chmars 13 years ago |

I bet 'Bob' read the 'The 4-Hour Workweek'. His only problem was that he still had to spend time in the office … for Chinese contractors, this story is of course a great free ad.

sachingulaya 13 years ago |

If it wasn't a critical infrastructure company they should've moved him to HR and had him outsource all their coding ;D

schrodinger 13 years ago |

If he's getting everything done to the extent that he's getting great performance reviews, what's the problem?

mikeash 13 years ago | |

Security, for one.

kylemaxwell 13 years ago |

Site should be working again. Now I know what slashdotting feels like. Sorry, everybody!

ChuckMcM 13 years ago | |

Kyle interesting, so it appeared in the Register for a while without issue but lands on HN and blammo! :-)

The problem with looking at logs is that you always find something!

mars 13 years ago |

well done, pal. although he must be bored to death riding his chair into the future.