Re: [fw-wiz] RE: IDS (was: FW appliance comparison)

Paul D. Robertson wrote:
>No, there's another reason not to collect it; Everything you collect
>under almost all evnironments is ultimately legally discoverable.

That's the dumbest argument against logging I've ever heard. :(

If it existed in your network in some form or other such that it
was transferred and could be logged, it's already legally discoverable.
It just becomes a question of how. Yes, you can carefully construct
your Email system to not retain anything but can you carefully
construct your users so they don't? Can you construct your
backup system so that only the "right" data is non-transitory?
Can you make your staff subpoena-proof? etc. That's where you
are much more likely to have problems, not in your logging system.


firewall-wizards mailing list