Tuesday, January 15, 2008

"Blocking" vs Logging: Which is A Better Deterrent?

Loved this quote from one of the mailing lists: "The best deterrent is going to be a policy stipulating consequences for violation, a logging server with at least many months of firewall/proxy/Internet access logs, and your employees understanding that you can track it back to them after the fact."

Why aren't more people thinking about it? Why such obsession about trying (and failing!) to block if you can log - and achieve the same policy outcome!?

Dr Anton Chuvakin