TCLUG Archive
Re: [TCLUG:22365] Hacked
* Austad, Jay <austad@marketwatch.com> [001008 17:11]:
> any one time. Since over 70% of all compromises come from employees, it
> would be better to have it on the inside networks, but I guess that's what
> gratuitous use of firewalls is for. :)
Most of our internal detection is done via watching syslog off of a
logserver. (well, more than that is done, but that's the bulk of it.)
It would be *nice* to get all internal traffic, but if we have an
internal machine compromise it usually shows up nice and quick via NFR
and cricket, 'cause 80% of the time it's some kid who starts pegging our
internet connection. :P
Really, it seems the focus right now is securing borders, with the idea
that securing internally is useless without it.
(note: I don't speak for the University of Minnesota, my opinions are not
the opinions of the Regents, etc.)
--
Scott Dier <dieman@ringworld.org> #nicnac@efnet
http://www.ringworld.org/ finger:dieman@destiny.ringworld.org
<CmdrTaco:#kuro5hin> SLSAHDOT IS ALWAYS NEWS FOR NERDS.