Logs (was Re: [fw-wiz] VPN endpoint)
From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
Date: 09/01/04
- Previous message: Marcus J. Ranum: "[fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
- In reply to: anyluser: "Re: [fw-wiz] VPN endpoint"
To: firewall-wizards@honor.icsalabs.com
Date: Wed, 1 Sep 2004 22:27:33 +0530
On 31/08/04 08:41 -0700, anyluser wrote:
>
> Let's also not forget that we have a window into our
> respective networks' past. Detailed logging isn't only
> there for tracking down a break in and it's important
In which case I'll invite MJR to break in again and advertise the
current thread on the loganalysis list about the results people want
from it.
Performance metrics, security analysis, trends, top n and bottom n
talkers/listeners, ports used, scalability, fancy reports for management
(those are important too), .....
> to emphasize that. Log analysis is a huge part of our
> jobs. WRT to known threats, it's not a stretch to
> project into future based on events in the past. For
> the unknown threats I try to keep a watchful eye on
> the traffic patterns and weigh them against the "feel"
> of my territory.
How do you convey this "feel" to another admin/manager who isn't
familiar with the territory yet?
This gut feeling thing is not what is desired in most situations (though
that is usually what we go with).
Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards