On Thursday 19 March 2009 04:12:09 pm chris (fool) mccraw wrote:
> i'm more interested in a
> statistical anomaly type of report. "well, you got a thousand SQL
> connections in a second from this host that usually trickles 'em in at
> 1/hour" or "hmm, ssh leaving *from* one of the firewalled mach
On Thu, March 19, 2009 16:12, chris (fool) mccraw wrote:
> hey folks,
>
> one of the last steps remaining for us to become PCI compliant at my
> place of employ is to "employ an intrusion detection or prevention
> system to monitor all traffic in the data environment". we have a lot
> of software
On Mar 19, 2009, at 4:12 PM, chris (fool) mccraw wrote:
> i want something host based that i can run on each
> host behind the firewall to report on things happening to that host.
Just a thought in this direction that you may have already considered.
Host based also allows for being compromised
hey folks,
one of the last steps remaining for us to become PCI compliant at my
place of employ is to "employ an intrusion detection or prevention
system to monitor all traffic in the data environment". we have a lot
of software that serves similar function (file-modification monitor,
carefully