Re: Reacting to IDS alerts
From: Windex King (WindexKing@mor-lan-d.com)Date: 06/03/02
- Previous message: josebianco: "Re: badnwidth monitor"
- Maybe in reply to: shawn merdinger: "Re: Reacting to IDS alerts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 03 Jun 2002 00:48:48 -0400 From: Windex King <WindexKing@mor-lan-d.com> To: security-basics@securityfocus.com
H C wrote:
> Second, are the attempts successful? If not...why
> bother?
I believe the context of this thread so far has been
with respect to IDS systems monitoring Internet facing
servers/traffic.
How much should things change when you're monitoring
internal systems? Should monitoring groups still not
care about multiple failed logons to a machine, etc.
as long as the "attacker" didn't get in?
W K
- Previous message: josebianco: "Re: badnwidth monitor"
- Maybe in reply to: shawn merdinger: "Re: Reacting to IDS alerts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
