Re: Reacting to IDS alerts

From: Windex King (WindexKing@mor-lan-d.com)
Date: 06/03/02


Date: Mon, 03 Jun 2002 00:48:48 -0400
From: Windex King <WindexKing@mor-lan-d.com>
To: security-basics@securityfocus.com


H C wrote:
> Second, are the attempts successful? If not...why
> bother?

I believe the context of this thread so far has been
with respect to IDS systems monitoring Internet facing
servers/traffic.

How much should things change when you're monitoring
internal systems? Should monitoring groups still not
care about multiple failed logons to a machine, etc.
as long as the "attacker" didn't get in?

W K



Relevant Pages