21 Dec
2004
21 Dec
'04
2:29 a.m.
On Tue, 21 Dec 2004 07:09:35 +0000 (GMT), Christopher L. Morrow <christopher.morrow@mci.com> wrote:
I'm not such a fan of the auto-acting devices, I'd rather have a person review the action prior to taking it.... Each security/network person should determine how best to handle that themselves though.
For most large networks with hundreds of thousands of end users (broadband providers, say), the sheer volume of trojaned or otherwise compromised hosts makes automation necessary. This should of course be subject to manual review once the traffic has been cut off.. -- Suresh Ramasubramanian (ops.lists@gmail.com)