Home page logo
/

basics logo Security Basics mailing list archives

Re: UTM - Unified Threat Management system
From: "Alice Bryson" <abryson () bytefocus com>
Date: Wed, 15 Mar 2006 09:37:46 +0800

hi there
    That's a good idea to do something in inside network, but i think
signature-based sensors are too passive, could there be a better
solution?

2006/3/14, Mario Platt <mplatt () gmail com>:
You can also have IDS sensors in your inside network, that would help
a lot in recognizing attack behaviour. Of course these solutions are
very "signature based", an some "attacks" don't even use "ilegal
schemes", but you can always create your signatures, or, for the
extremely paranoid you can tcpdump all your network traffic, and
analyze it line by line, but I don't think that's feasible :)

On 3/13/06, Saqib Ali <docbook.xml () gmail com> wrote:
    Should UTM think more about the rest 70% of threats? Is there any
good solution to that 70%?

User Awareness / Training. Technical solutions will only go so far in
preventing disgruntled employees from causing disruption. However you
can you can train them to recognize this type of activity / behaviour
before it becomes a problem.

Also system auditing helps in the technical area. Also audit your
authentication / authorization systems for data access.

--
Saqib Ali, CISSP
http://www.xml-dev.com/blog/
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




--
Homepage:http://www.lwang.org
We collect spam for research at:
mailto:abryson () bytefocus com

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault