Logs (was Re: [fw-wiz] VPN endpoint)

From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
Date: 09/01/04

  • Next message: Paul D. Robertson: "[fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
    To: firewall-wizards@honor.icsalabs.com
    Date: Wed, 1 Sep 2004 22:27:33 +0530
    
    

    On 31/08/04 08:41 -0700, anyluser wrote:
    >
    > Let's also not forget that we have a window into our
    > respective networks' past. Detailed logging isn't only
    > there for tracking down a break in and it's important

    In which case I'll invite MJR to break in again and advertise the
    current thread on the loganalysis list about the results people want
    from it.

    Performance metrics, security analysis, trends, top n and bottom n
    talkers/listeners, ports used, scalability, fancy reports for management
    (those are important too), .....

    > to emphasize that. Log analysis is a huge part of our
    > jobs. WRT to known threats, it's not a stretch to
    > project into future based on events in the past. For
    > the unknown threats I try to keep a watchful eye on
    > the traffic patterns and weigh them against the "feel"
    > of my territory.

    How do you convey this "feel" to another admin/manager who isn't
    familiar with the territory yet?
    This gut feeling thing is not what is desired in most situations (though
    that is usually what we go with).

    Devdas Bhagat