Security Support Personnel Duties

Define, produce, and maintain official security policy and documentation
Act as the organisation's personal data protection officer
Recommend and develop internal security standards
Monitor, audit, and test systems and networks for possible security problems
Monitor (and respond to) security alerts, newsgroups, mailing lists, and postings.
Review security log files on a daily basis and investigate anomalies as needed
Evaluate, procure, test, install, and maintain security infrastructure tools
Test and install patches and fixes for security vulnerabilities in vendor software
Stay current on security technology and possible threats to your organization
Respond to security incidents
- Investigation
- Coordination
- Reporting
- Follow-up
- Liaise with law-enforcement officers
- Expert witness in legal proceedings
Participate in reviews and analysis of internal projects
Advocate corporate information security policy and procedures to internal and external clients, customers, users, and staff

Security log example

Subject: istlab.dmst.aueb.gr security check output
Date: Sat, 15 Jun 2002 03:01:02 +0300 (EEST)
From: Charlie Root <root@istlab.dmst.aueb.gr>
To: undisclosed-recipients:;

Checking setuid files and devices:


Checking for uids 

Checking setuid files and devices:


Checking for uids of 0:
root 0
toor 0


Checking for passwordless accounts:


istlab.dmst.aueb.gr kernel log messages:
> Jun 14 17:21:29 istlab su: dds to root on /dev/ttyp0
> Jun 14 23:30:02 istlab sendmail[65649]: g5EKU1a65648: Truncated MIME Content-Disposition header due to field size (length = 23) (possible attack)


istlab.dmst.aueb.gr login failures:


istlab.dmst.aueb.gr refused connections:

Coordination with ISP

Subject: Re: Prospatheia hacking
Date: Mon, 15 Jan 2001 12:49:33 +0200
From: OTEnet Network Abuse Team <abuse@otenet.gr>
To: Diomidis Spinellis <dds@host.gr>

On Mon, Jan 15, 2001 at 11:30:06AM +0200, Diomidis Spinellis wrote:
> Ο παρακάτω χρήστης σας προσπάθησε το Σάββατο να παραβιάσει το μηχάνημα
> XXX.XXX.XXX.XXX:
> 
> Jan 13 01:28:17 inet popper[20009]: ddl@athe530-q166.otenet.gr: -ERR
> Unknown command: "close".
> Jan 13 01:28:19 inet popper[20009]: Possible probe of account ddl from
> host
> athe530-q166.otenet.gr
> Jan 13 01:28:31 inet popper[20010]: dds@athe530-q166.otenet.gr: -ERR
> Unknown command: "l".
> Jan 13 01:28:33 inet popper[20010]: dds@athe530-q166.otenet.gr: -ERR
> Unknown command: "r".
> 
> Παρακαλώ να με ενημερώσετε για τις ενέργειές σας.
> 
> Φιλικά,
> 
> Δ. Σπινέλλης

-- 
Agaphte Kyrie

Meta apo e3etash twn log files pou mas exete steilei, exoume entopisei ton
syndromhth mas ekeino, o opoios empleketai sthn en logw apopeira kai exoume 
pra3ei ta deonta prokeimenou na mhn epanalhfthoun sto mellon tetoies energeies 
apo merous tou.

OTEnet Network Abuse Team

Complaint

Subject: [Spam mail]
Date: Tue, 22 Jan 2002 12:56:20 +0200
From: XXX@yyy.gr
To: abuse@isp.gr
CC: abuse@host.gr

Aytos fainetai (me traceroute) oti pairnei grammh apo esas. Epeidh oi idioi
einai spammers sas stelnw esas to complaint.

To spam einai attached.
Eyxaristw.

-- 

[Copy of the spam mail]