On Fri, 12 Oct 2001, John Rowan Littell wrote: > regards to keeping the IDS output on the loghost, I might suggest > creating email accounts on the loghost to which you directly send the > mails. This wouldn't be any more difficult than sending them > off-host. Then you can dictate a login method of your favorite Yes, this was what I had intended. The ideal interface for reviewing these log entries (IMHO) is to bunch the entries into sets wherein each entry can be viewed and then marked as "read". Most mail reader provide this interface for you already, so keeping it is a big plus. > (major) vulnerability point to the workstation from which the admins > log in, but with a secure connection, this is a lot less troublesome. Yes. My main worry would be the compromise of the sysadmin workstation. This is much less likely than an actual server (since we're not running any services that listen on the network on the workstations), but still possible through passive attacks (browsers overflows, email vulnerabilities, etc). My gut feeling is to say that the sysadmin workstations are "secure enough" for our environment. -Jeff --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 13:00:03 PDT