> > Rather, I'd say that you need to stay on top of security; anybody who
> > had any MS-SQL servers anywhere approaching visible from the internet
> > wasn't paying attention to basics.
>
> I completely agree on that count - I was thinking more about the
> consequences of when someone inadvertently releases a worm inside the
> firewall (laptop, VPN, etc.). Being able to react quickly is key and
> that's much easier if you use some sort of QoS so your control requests
> get handled ahead of worm traffic (syslog should also be above normal
> priority but below the control channel). It sounds like what happened
> to BofA was a case of the ATM VLAN getting nailed because it shared
> physical connections with a separate VLAN which was getting the worm
> traffic.

I agree that laptop and VPN can be - and unfortunately often are - the
weakest point in defense. I know it shouldn't be. But honestly - how often
do you see machines more or less unprotected dialing out to the Internet?
The same machines that are at least occasionally connected to the
internal net. Again, this should not happen. But in reality it does...

The QoS is an interesting point. But back to my question: DID syslog work
under attack or not? Any experience or samples on that? I mean real-world
ones...

Rainer

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 14:26:18 PST