[Tfug] Lightweight IDS options/strategy/policy
Bexley Hall
bexley401 at yahoo.com
Tue Sep 24 22:12:35 MST 2013
Hi Kramer,
On 9/24/2013 3:08 PM, Kramer Lee wrote:
> The best thing would be to be able to keep packets of your information
> from going out of the computer. So what if there is an intrusion? It
> only is a problem if there is an outflow of information as a result of
> the intrusion.
Think about it. Would you tolerate something on your
"personal" internet if it *couldn't* "dial out" -- but
*could* interfere with the operation or integrity of
your stuff?
I can contain attacks so they can't "do" anything (even
for an adversary "on the inside" -- though I can't prevent
certain types of DoS attacks).
But, how do I tell the user (internet owner/administrator) that
something is (possibly) *trying* to "harm" (?) him -- even if
I've neutralized the threat?
And, what do I tell him to *do* in that event? "Worry"? :<