Re: so, is I[dp]S a STUPID technology?

[Valdis.Kletnieks () vt edu]

On Wed, 12 Oct 2005 16:08:38 CDT, Paul Schmehl said:

> You mean *used to*.  Nessus isn't free any more.  I'll rummage around on 
> the Purdue site.  But you should know that tools aren't the only problem. 
> Time is too.  There's only two of us doing this work, and va isn't our only 
> responsibility.
>
> How many bodies do you have in security?

Umm.. let's see. There's our IT Sec Officer, and then there's Randy, and
then there's a bunch of people on our CIRT who aren't officially "security",
but who have some security-related responsibility related to their day-to-day
job.  Randy calls it the "volunteer rescue squad model".  Somewhere between a half
dozen to a dozen.  And then of course, we have all the departments who have
their own pet sysadmins, who are usually responsible for making sure the
machines they admin are secure.

One thing we usually try really hard to leverage are the departmental admins.
Shameless plug: Hosting a SANS-EDU is a good way to get a lot of training for
your admins, cheap.  :)

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.