* Austad, Jay <austad at marketwatch.com> [001008 17:11]:
> any one time.  Since over 70% of all compromises come from employees, it
> would be better to have it on the inside networks, but I guess that's what
> gratuitous use of firewalls is for.  :)

Most of our internal detection is done via watching syslog off of a
logserver. (Well, more than that is done, but that's the bulk of it.)

It would be *nice* to get all internal traffic, but if we have an
internal machine compromise it usually shows up nice and quick via NFR
and cricket, 'cause 80% of the time it's some kid who starts pegging our
internet connection. :P

Really, it seems the focus right now is securing borders, with the idea
that securing internally is useless without it.

(Note: I don't speak for the University of Minnesota, my opinions are not
the opinions of the Regents, etc.)

-- 
Scott Dier <dieman at ringworld.org> #nicnac at efnet 
http://www.ringworld.org/  finger:dieman at destiny.ringworld.org

<CmdrTaco:#kuro5hin> SLSAHDOT IS ALWAYS NEWS FOR NERDS.