> Michael S. Hines <mshines@ia.purdue.edu> writes -
> >
> > I also monitor the firewalls list (@greatcircle.com) and view that as a
> > "prevention" method rather than as a detection method.

I was considering joining the firewall list, how much traffic on average?

> > I am more interested in approaches which prevent intrusion, rather than
> > after the fact detection. But detection is certainly important, as there
                                  ^^^^^^^^^^^^^^^^^^

The goal of some systems is detection before a full intrusion, or should
I say before it gets to any critical point. This is definitely one of the
most difficult tasks, and so most systems would appear to have a long way
to go in meeting this goal.

> > are probably more people than are aware that their system has either been
> > hacked, or is currently under surveillance.

Yes, knowing a system is being monitored tends to scare off the average
hacker/cracker/crasher (whichever you prefer), who would just look for
easier turf. But then there are those who see this as an added challenge
(one would expect that this class of hacker would be the highly
sophisticated). While it is reported that most intrusive activity is
actually internal users, one would guess that if they knew they were being
monitored then they wouldn't try anything. However what stops them from
trying things gradually, and in a lot of cases the user might have a good
idea of what is and what isn't being monitored. I would think that in the
long run a system that is being monitored would see a lot less activity
than one that isn't (but how do you compare if you aren't monitoring). B)

Now firewalls may be a good preventative measure, but it assumes you only
have adversaries on the outside of the domain/subnet etc.

> > I'm looking forward to exchanging ideas with others with similar interests.
> >
>
> Michael, I'm sure that you'll run into folks on this list that also
> are sub'd to the firewalls@greatcircle.com.
>
> I have a tendency to agree with you; personally, I view prevention as
> the paramount issue. However, detection is also an issue which is many
> times taken for granted and simply overlooked.

Yes, the majority of systems don't even produce an audit trail.

> Cheers,
> _______________________________________________________________________________
> Paul Ferguson
> US Sprint
> Managed Network Engineering        tel: 703.904.2437
> Herndon, Virginia USA              internet: paul@hawk.sprintmrn.com

--
+---------------------+--------------------------------------------------+
| ____ ___            | Justin Lister                  ruf@cs.uow.edu.au |
| | \\ /\ __\         | Center for Computer Security Research            |
| | |) / \_/ / |_     | Dept. Computer Science      voice: 61-42-214-330 |
| | _ \\ /| _/        | University of Wollongong    fax:   61-42-214-329 |
| |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream...             |
|                     | LiNuX - the only justification for using iNTeL   |
+---------------------+--------------------------------------------------+