
RE: [cobalt-security] [RaQ3] Portsentry's raison d'etre (used to be Port Sentry)



>> And the portsentry alternative to deal with 20+ scans per day is....?
>
>Good host-based IDS, updated patches, a hardened server, and a vigilant
>admin.

No doubt you are right. However, Portsentry's function isn't only to
block IPs. It also alerts a vigilant admin to any number of suspicious
activities that go on. Whereas Portsentry was not designed to be nor
should be the ONLY deterrent against h4cker5, it can certainly be a
valuable time-saver for some of those vigilant admins, who have little
time as it is to read through millions of lines of log files every day.
(Yes, I exaggerate. But that's really what it feels like.)

>> Are you suggesting that running without Portsentry is better than
>> running with it?

Therefore, I conclude, running Portsentry is better than not running
it.