Re: Firewall Reporting
From: Arthur Hagen (art_at_broomstick.com)
Date: 12/30/04
- Next message: John Morrison: "Re: Sygate Personal Firewall V5.6 + Win2K: woes ..."
- Previous message: Casey: "Re: Whats the best to use?"
- In reply to: Munpe Q: "Re: Firewall Reporting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Dec 2004 18:39:35 -0500
Munpe Q <funyon@gmail.com> wrote:
> Ya know, I was really hoping I'd get a vague response, and look, you
> fulfilled my dreams.
The answers are as good as you could possibly expect from questions as vague
as those you asked.
For 5), I could add that it's useful to document intrusion attempts, if it
ever becomes enough of a nuisance to warrant taking actions, or as an aid
for creating special rules for apps where the documentation is wrong,
incomplete or misleading.
For 4), the tools used most definitely depend on what you want reported, and
why. Since that can vary from time to time, I prefer not to waste resources
on running automated reports, but pull out the pertinent data on the fly,
using standard Unix tools (sed/grep/awk/perl). Automated reports are only
useful if someone actually reads them, compares them, understands them,
*and* can act upon them. This hardly ever happens in RL.
Well, sometimes reports can make mid-level mismanagement happy, as it
creates extra paperwork to make them appear busy and productive.
-- *Art
- Next message: John Morrison: "Re: Sygate Personal Firewall V5.6 + Win2K: woes ..."
- Previous message: Casey: "Re: Whats the best to use?"
- In reply to: Munpe Q: "Re: Firewall Reporting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
