One can always state: Let us put a box on site, and point all logging to it, and then the MSP is remotely connected to the box, and everything is nice and rosy.. Nope, there is authentication, encryption, blah, blah, etc., etc.

A simple fingerprint scan that is somewhat successful can clearly identify the box, and any port that is open, and then attack it. Oops, just knocked some hybrid Unix box offline.. All the MSP NOC person sees is that they are no longer receiving alerts.

Reaction: Call customer.

MSP rep: "Hi so and so, this is MSP so and so, we are no longer receiving messages from our remotely managed box."
Customer: "Am I vulnerable?"
MSP rep: "Unsure of the status, could you do the following...."

Doesn't provide much confidence in my mind..

One doesn't need senior engineers available, one needs a better way of remotely recycling power.. :)

At 10:49 PM 6/27/2001 -0400, Len Rose wrote:

> The answer to this has always been automation, whether it's automation
> of log analysis, alarms/traps, and/or on the fly packet header monitoring.
>
> When an alarm occurs, the SOC gets alerted and an escalation procedure begins.
>
> This is standard practice. You don't have senior engineers monitoring systems
> 24 x 7 but you damned well better have them available when something real happens.

_______________________________________________
Firewalls mailing list
Firewalls@lists.gnac.net
http://lists.gnac.net/mailman/listinfo/firewalls