Lack of audit trail helps hackers

Link: Response time key to dealing with hackers

The company claimed its research shows that firms are failing to maintain log files adequately – and in some cases not even bothering to switch the logs on.

NTA Monitors’ technical director Roy Hills said companies don?t turn on logs because traffic gets monitored elsewhere, and because it would use up too much disk space.

‘Then other companies do log, but don’t keep the records long enough – I’ve seen several huge corporations where the log files are overwritten every thirty minutes. If they were attacked, there would be no record of what had happened,’ he said in a statement.

‘Then there are the people who are logging, but not getting it right – like storing the information on public folders that hackers can access and easily cover their tracks,’ Hill added.

Companies also forget time synchronisation, he said. A serious incident is likely to involve several different systems – but companies won’t be able to piece together what has happened if they can’t track from one log to another.

The Home Office is to review the existing Computer Misuse Act to see if it still provides enough protection against hackers and other problems.

But Hills said: ‘Most companies won’t be able to supply the evidence needed to secure convictions, meaning criminals will get off scot-free despite any change in law.’

Related reading