We are installing a firewall between our academic network and our 'corporate' network and are now having an argument over how the logs should be monitored. One camp wants to monitor the logs 7x24, which would mean contracting this out to a security firm; the other side believes that this is overkill for an institution like us and that what we need is a central logging system that will monitor the firewall and the systems behind it (including integrity checks) and some smart filtering to produce alerts for critical conditions and daily review of the logs. SLR springs to mind.

I have been given three days to come up with a proposal and risk analysis etc. to back it up as a counter to the outsourced 7x24 proposal (for which no analysis has been done to my knowledge). My main concern with the 7x24 proposal is the cost, which I believe would be much better spent on making sure the machines are secure in the first place rather than being spent watching for a compromise to happen.

Does anyone have any opinions on the relative merits of the two approaches or any other relevant advice? I would also be interested in any real (sanitized if necessary) firewall policies.

--
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
This archive was generated by hypermail 2b30 : Tue Mar 05 2002 - 09:03:13 PST