Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: Re: RE: IDS (was: FW appliance comparison)

Re: RE: IDS (was: FW appliance comparison)

From: Marcus J. Ranum <mjr_at_ranum.com>
Date: Wed, 25 Jan 2006 07:27:48 -0500

Paul D. Robertson wrote:
>No, there's another reason not to collect it; Everything you collect
>under almost all evnironments is ultimately legally discoverable.

That's the dumbest argument against logging I've ever heard. :(

If it existed in your network in some form or other such that it
was transferred and could be logged, it's already legally discoverable.
It just becomes a question of how. Yes, you can carefully construct
your Email system to not retain anything but can you carefully
construct your users so they don't? Can you construct your
backup system so that only the "right" data is non-transitory?
Can you make your staff subpoena-proof? etc. That's where you
are much more likely to have problems, not in your logging system.

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Jan 25 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]