Trace Evidence: A Close Look at System Logs Provides Clues to Spot Hacking or Worm Activity.
You can deploy all of the firewalls and intrusion-detection devices money can buy to protect your network from hackers and malicious code, but when it comes to truly knowing what’s happening on your network, there’s no substitute for digging through system log files. Telltale signs that appear in logs offer strong indications that you may have been hacked, say experts. The following should raise alarms in any IT administrator’s head: long entries of random characters, repeated occurrences of “..”, passwords that have been changed by someone using a user ID of “0” and a null log-in, unexpected configuration changes to systems or devices, and a sudden increase or decrease in the number of log messages generated, to name just a few.

But even with these known indicators, uncovering hacker activity can be difficult. “Log analysis is a dirty job,” says Chris Kirschke, senior security analyst at Santa Clara, Calif.-based Silicon Valley Bank, where 1,200 users in 27 locations create 25GB of log data every month. “Logs are where you go to find out what has happened,” Kirschke says.
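As an added illustration (not from the article or Silicon Valley Bank), the script below runs the indicators the article lists over a constructed batch of syslog-style lines: long runs of random characters, repeated “..”, a password change attributed to uid 0 with an empty login name, and a per-minute message count that jumps or drops far from the median. The line format, thresholds and the `user="" uid=0` phrasing are assumptions chosen for the sample, not a real daemon’s output.

```python
import re
from collections import Counter
from statistics import median

# Constructed sample, not real log data. Assumed format: "HH:MM prog[pid]: message".
SAMPLE = [
    "10:00 sshd[2001]: Accepted password for alice from 10.0.0.5",
    "10:00 sshd[2001]: session opened for user alice",
    "10:01 httpd[3100]: GET /index.html 200",
    "10:01 httpd[3100]: GET /../../../../etc/passwd 404",
    "10:02 httpd[3100]: GET /login?x=aB3dE8fGhIj2KlMn0PqRsT7uVwXyZ1A9bC4dE6fG 400",
    '10:02 passwd[4000]: password changed for root by user="" uid=0',
    "10:03 cron[500]: job finished",
    "10:04 sshd[2001]: Accepted password for carol from 10.0.0.7",
    "10:04 sshd[2001]: session opened for user carol",
] + ["10:05 sshd[2001]: Failed password for bob from 10.0.0.9"] * 30  # burst in one minute

def long_random_run(line: str) -> bool:
    """One unbroken run of 32+ non-blank characters mixing upper, lower and digits."""
    return any(re.search(r"[A-Z]", t) and re.search(r"[a-z]", t) and re.search(r"\d", t)
               for t in re.findall(r"\S{32,}", line))

def repeated_dotdot(line: str) -> bool:
    """Two or more '..' sequences in a single message (a single '..' is common noise)."""
    return line.count("..") >= 2

def uid0_null_login_passwd(line: str) -> bool:
    """Password change recorded under uid 0 with an empty login name (assumed field names)."""
    return "password changed" in line and re.search(r'user=""\s+uid=0\b', line) is not None

CHECKS = [("long_random_run", long_random_run),
          ("repeated_dotdot", repeated_dotdot),
          ("uid0_null_login_passwd", uid0_null_login_passwd)]

def scan_lines(lines):
    """Return (line_number, indicator_name) for every line that trips a per-line check."""
    return [(n, name) for n, line in enumerate(lines, 1)
            for name, check in CHECKS if check(line)]

def volume_anomalies(lines, factor=4):
    """Minutes whose message count exceeds factor x the median minute, or falls below 1/factor of it."""
    per_minute = Counter(line.split(" ", 1)[0] for line in lines)
    baseline = median(per_minute.values())
    return sorted(m for m, c in per_minute.items()
                  if c > factor * baseline or c * factor < baseline)

if __name__ == "__main__":
    for n, name in scan_lines(SAMPLE):
        print(f"line {n}: {name}: {SAMPLE[n - 1]}")
    print("volume anomalies:", volume_anomalies(SAMPLE))
```

Each check is deliberately narrow so the output is a shortlist for a human to read, which is the point of the article: the indicators tell you where to start digging, not that a breach is confirmed.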