On 7 May 2001, at 19:57, Alvin Oga wrote:
>
> hi ya eric
>
> i think that a good hacker/cracker can enter your system
> and hide himself within a few minutes...depending on
> what method the attacked and got into your system.
>
> if you check your logs daily/hourly... you're too late
> in being able to detect their presence as its all
> been erased/cleaned up...
>
> you do need some form of "intrusion detection" to be
> triggered when an event occures that pages you to come
> check the server "now".... not later...
> - problem is sometimes you get too many false
> errors/warnings... so time to make a better filter...
>
> every 30 min or 15 minute sweep is probably okay for most
> admin ... to get a warm and fuzzy that things are normal
I would think that the abnormal activity would also show up in the
firewall logs (which are sent to a different system entirely).
But you are right that a good intrusion detection system would be
great. But my budget doesn't afford much.
Thanks,
Eric Johnson
--------------------
[EMAIL PROTECTED]
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
