Re: lots of monkeys staring at a screen....security?
From: "Halvar Flake" <halvar () gmx de>
Date: Fri, 27 Oct 2006 17:23:26 +0200
In this entire IDS debate, I would like to recommend reading an old
blog post from FX:
Security by weglassen --> Security by omission.
I still agree with the concept of replacing an IDS with just a large
of tapes on which to archive all traffic. IDSs will never alert you to an
in-progress, and by just dumping everything onto a disk somewhere you can
at least do a halfway-decent forensics job thereafter. Since everybody and
his dog is doing cryptoshellcode these days you won't be all-knowing, but
at least you should be able to properly identify which machine got owned
Dailydave mailing list
Dailydave () lists immunitysec com