Firewall Wizards mailing list archives

Re: RE: IDS (was: FW appliance comparison)

From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 25 Jan 2006 07:27:48 -0500

Paul D. Robertson wrote:

No, there's another reason not to collect it;  Everything you collect 
under almost all evnironments is ultimately legally discoverable.


That's the dumbest argument against logging I've ever heard. :(

If it existed in your network in some form or other such that it
was transferred and could be logged, it's already legally discoverable.
It just becomes a question of how. Yes, you can carefully construct
your Email system to not retain anything but can you carefully
construct your users so they don't? Can you construct your
backup system so that only the "right" data is non-transitory?
Can you make your staff subpoena-proof? etc. That's where you
are much more likely to have problems, not in your logging system.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: RE: IDS (was: FW appliance comparison), (continued)
- - - Re: RE: IDS (was: FW appliance comparison) Marcus J. Ranum (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Cat Okita (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Marcus J. Ranum (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Cat Okita (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Joseph S D Yao (Jan 25)
    - Re: RE: IDS (was: FW appliance comparison) chris (Jan 24)
    - Re: RE: IDS (was: FW appliance comparison) Cat Okita (Jan 25)
    - Re: RE: IDS (was: FW appliance comparison) Marcus J. Ranum (Jan 25)
    - Re: RE: IDS (was: FW appliance comparison) chris (Jan 25)
    - Re: RE: IDS (was: FW appliance comparison) Paul D. Robertson (Jan 25)
    - Re: RE: IDS (was: FW appliance comparison) Marcus J. Ranum (Jan 25)
    - Re: RE: IDS (was: FW appliance comparison) Paul D. Robertson (Jan 25)
    - Re: RE: IDS (was: FW appliance comparison) Brian Loe (Jan 25)
    - Message not available
    - Re: RE: IDS (was: FW appliance comparison) Marcus J. Ranum (Jan 27)
    - Message not available
    - Re: RE: IDS (was: FW appliance comparison) Brian Loe (Jan 26)
    - Re: FW appliance comparison - Seeking input for the forum Devdas Bhagat (Jan 25)
    - Re: FW appliance comparison - Seeking input for the forum Christine Kronberg (Jan 24)
    - Message not available
    - Re: FW appliance comparison - Seeking input for the forum Avishai Wool (Jan 25)
    - Re: FW appliance comparison - Seeking input for the forum Paul D. Robertson (Jan 25)
    - Re: FW appliance comparison - Seeking input for the forum ArkanoiD (Jan 25)
    - Re: FW appliance comparison - Seeking input for the forum Avishai Wool (Jan 25)

(Thread continues...)