Ask HN: Infosec best practices
Every now and then I am intrigued by the specificity of leaked information disclosed when learning about a security breach of some company. "They got this information, and this information, and some of that". I assume that there is some worst-case logic going on here, and a lot of it probably involves trawling around in logs somewhere, however I often wonder how much more there is to the story than I am aware of.
Lots of online security stuff tends to be things like "lock down your SSHD and you'll be fine". I am curious to know if anyone has any stories or recommended reading regarding what else should be done to ensure security and allow successful investigations, etc. ie, sufficient logging, indefinite storage of logs, etc.
Is there more to this, or is it as simple as "just log everything!"?
1 comment
[ 3.9 ms ] story [ 11.7 ms ] thread