Help is on its way for security professionals and the sysadmins they depend on to detect intrusions.
In December, the SANS Institute will publish a Sysadmin Cheat Sheet for Detecting Intruders, Ed Skoudis, security consultant with International Network Services, told SearchSecurity. Skoudis is currently contributing to the project, which is aimed at helping IT and security work together in the area of intrusion detection.
Skoudis said security needs the help of sysadmins when it comes to keeping systems patched and watching for abnormal behavior. "Sysadmins need to be the eyes and ears for the security people, because they can't touch everything," he said.
The cheat sheet is a one-page outline of tasks to aid sysadmins in detecting anomalous behavior, including how to look for unusual processes and ports. Sysadmins can go through the quick checklist on a daily or weekly basis, said Skoudis.
The document will be available for free download online, and companies will be able to add their logo and the contact information for their incident response team before distributing it to IT folks.
"The idea is that 90% of sysadmins don't really know what to do, and if they do know, they don't know where to call, so they freelance it themselves," said Skoudis.
The Sysadmin Cheat Sheet for Detecting Intruders will be available in separate versions for Linux and Windows.