On Fri, Aug 20, 2004 at 10:24:35PM -0400, Phil Hollows wrote: > Also, are you really saying that since it can take you up to a day to find > out that your NIDS are down? Does anyone else have standards or policies > around monitoring security system availability / functionality? Ah - sorry I wasn't more precise: I meant the NID is up - but the SPANned port it sniffs isn't SPANed any more. There no way of telling if an Ethernet port is "magically" able to see other traffic than by seeing if it can see - well - traffic. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Sat Aug 21 2004 - 10:02:06 PDT