* Austad, Jay <austad at marketwatch.com> [001008 17:11]: > any one time. Since over 70% of all compromises come from employees, it > would be better to have it on the inside networks, but I guess that's what > gratuitous use of firewalls is for. :) Most of our internal detection is done via watching syslog off of a logserver. (well, more than that is done, but thats the bulk of it.) It would be *nice* to get all internal traffic, but if we have an internal machine compromise it usually shows up nice and quick via NFR and cricket, cause 80% of the time its some kid who starts pegging our internet connection. :P Really, it seems the focus right now is securing borders, with the idea that securing internally is useless without it. (note: I dont speak for the University of Minnesota, my opinions are not the opinions of the Regents, etc.) -- Scott Dier <dieman at ringworld.org> #nicnac at efnet http://www.ringworld.org/ finger:dieman at destiny.ringworld.org <CmdrTaco:#kuro5hin> SLSAHDOT IS ALWAYS NEWS FOR NERDS. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 233 bytes Desc: not available Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20001008/8d794897/attachment.pgp -------------- next part -------------- --------------------------------------------------------------------- To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org For additional commands, e-mail: tclug-list-help at mn-linux.org