On 14 Oct 2001, Robert Bihlmeyer wrote: > Why use the central mail server? If the logserver's MTA contacts the > admin workstations directly, you have removed one point of > failure/compromise. This MTA still won't have to listen on the > network, just be intelligent enough to send mail to the right host. Are you suggesting that admin workstations run SMTP servers? This seems a tad dangerous from a security perspective; they otherwise have no need to be running any services actively listening on the network. > An attacker would have to compromise most of the admin stations as > well to keep an alert from reaching anybody. Maybe the loghost should But if all of the admin workstations are cookie-cuttered, then breaking into the SMTP server on one means you can break into all of them. -Jeff --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 11:23:37 PDT