Firewall Wizards mailing list archives

Re: RE: IDS (was: FW appliance comparison)


From: <chris () blask org>
Date: Tue, 24 Jan 2006 20:14:33 -0800 (PST)



On Tue, 24 Jan 2006, Cat Okita wrote:
On Tue, 24 Jan 2006, Marcus J. Ranum wrote:

If your firewall bogs down because of a little bit of logging it is
a POS and should be used as a flower planter, not a security
device.

Oh - I agree completely.  If my firewall bogs down because of a little
bit of logging, it should be pushing up daisies.

... but I'm not thinking of a 'little' bit of logging.  I'm thinking of
"look at everything that could -possibly- be of interest".

... and everything *is* of interest.  Everything that is happening and has happened on a network is described in 
glorious detail by the logging of the devices and applications that make up that network.  The only reason not to focus 
on producing that telemetry and making sense of it is because there is too much, which becomes a lame excuse after a 
long enough time.
 
Devices should be able to report on everything they do, there should be someplace to put all this stuff, and there 
should be tools to digest it appropriately.  Some of the pieces necessary are coming together and it's generally the 
most useful area to focus on.

-cheers!

-chris
 