

Proactive Log Review Might Be A Good Idea - pcj
http://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/

======
darkarmani
Increase his salary by 2x and demand 5x work output from him. Let him scale it
up and manage his foreign workers.

------
malbs
Pro-active log review is a good idea. No argument. I'd been incredibly lazy
about log reviews on my two VPSes. I started looking through the logs weekly
and was incredibly freaked out by what I saw. There are almost constant
attacks on the machines (obviously script kiddies), and it was just my initial
setup of the Linux environment that probably saved me (SSH key-based auth,
basic iptables, fail2ban etc). It's kind of like when I installed a security
camera at the back door of my house (we'd been robbed a couple of times) - it
was a Pandora's box; prior to the camera going in I was under the illusion that
no one ever ventured on to the property. Once the camera went in, I discovered
it wasn't a rare event. Same with log reviews: once you start looking, you
find attacks are common, and it's actually incredibly unnerving.

Web server logs are another example: once you have a publicly accessible
website, you'll see thousands of requests just trolling for phpMyAdmin
installs, versions of PHP forum software, known exploitable CGI scripts. I
certainly felt better about it when I was ignorant of what was going on with
my servers!

However, the example the author provided seems a little far-fetched though?
Could someone seriously pull this off?

Seems like a house of cards that would fall down the first moment he was
required to talk with a colleague about some bit of code he'd committed to
source control, he'd have to be a pretty good liar.

~~~
pplante
Well, he could have reviewed the code on a daily basis. He wasn't doing much
else with his time. I bet it would take only a few minutes to glance through
the code to get enough of an idea of what had been worked on. If he was ever
asked, he could just push off for a few hours so he could review the code in
depth.

He also likely had to keep tabs on the Chinese consultancy to make sure they
were producing the work for him.

------
BryantD
Google cache:
[http://webcache.googleusercontent.com/search?q=cache:EGh4ld_...](http://webcache.googleusercontent.com/search?q=cache:EGh4ld_KwXUJ:securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/+http://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/&cd=1&hl=en&ct=clnk&gl=us)

~~~
kylemaxwell
Thanks for noticing the site is down! I'm working on it now.

~~~
BryantD
No problem!

------
chmars
I bet 'Bob' read 'The 4-Hour Workweek'. His only problem was that he still
had to spend time in the office … for Chinese contractors, this story is of
course a great free ad.

------
sachingulaya
If it wasn't a critical infrastructure company they should've moved him to HR
and had him outsource all their coding ;D

------
schrodinger
If he's getting everything done to the extent that he's getting great
performance reviews, what's the problem?

~~~
mikeash
Security, for one.

------
kylemaxwell
Site should be working again. Now I know what slashdotting feels like. Sorry,
everybody!

~~~
ChuckMcM
Kyle, interesting, so it appeared in The Register for a while without issue but
lands on HN and blammo! :-)

The problem with looking at logs is that you always find something!

------
mars
Well done, pal. Although he must be bored to death riding his chair into the
future.

