IDS: intruder clues
If a corporation/organization/whatever has NOT implemented an IDS, what do
you (the reader specifically) look for/at during after-the-event intrusion
detection?
I'm looking for individual responses other than real-time clues (the system
isn't even connected to the network any more) and the multitude of log files
(a system may, or may not, have varied logging enabled).
_______________________
The opinions expressed above are my own. The facts simply are and belong to
none.
James W. Meritt, CISSP, CISA
Senior Secure Systems Engineer at Wang Government Services, Inc.