On 17 Jul 2017, at 21:11, Watson Ladd wrote:

> How do you detect unauthorized access separate from knowing what
> authorization is?

I think we're talking at cross purposes, here.  Can you clarify?

> Yes, but you'll rot13 or rot 128 the file first. Why wouldn't you?

Many don't.  And being able to see rot(x) in the cryptostream has value.


> And the endpoints taking logs won't be?

Logs are no substitute for seeing the packets on the wire.


> Applications can rate-limit their own endpoints.

There's a lot more to DDoS defense than rate-limiting. Rate-limiting often leads to gross overblocking.

> You're telling me a dedicated out of stream box can handle this but a beefy server cannot?

Sadly, in all too many cases, yes.


> No one is taking away the ability to log the PMS to a file. That's the
> capacity which exists now.

But the capacity in question here is to see the packets on the wire.

> Alternatively it's because you've decided to run your networks in ways very
> different from the public internet and used this as a way to avoid
> organizational battles over giving operations the tools they need to work.

I think that some perceptions of how these things are done even on the public Internet may be a bit circumscribed.

The tools that network engineers and security personnel need analyze network traffic. Logs are insufficient.

-----------------------------------
Roland Dobbins <rdobb...@arbor.net>

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
