On Wednesday, January 25, 2017 at 6:22:14 PM UTC+1, raah...@gmail.com wrote:
> On Tuesday, January 24, 2017 at 9:15:10 AM UTC-5, Kopimi Security wrote:
> > On Monday, January 23, 2017 at 8:38:56 PM UTC+1, Reg Tiangha wrote:
> > > Yeah, I tried it myself leaving my laptop turned on and on learning mode
> > > for three weeks straight, but it didn't catch everything and certain
> > > things still failed so there's definitely some manual massaging that
> > > needs to be done.
> >
> > Thank you for your input!
> >
> > Would you think a sniffing approach, or a tripwire approach, to be better*?
> >
> > * On a RAM-limited system
>
> what do you mean by sniffing approach?

Sorry for being unclear, I'm not a native speaker.
By "sniffing", I meant to refer to active monitoring of known attack types, a pro-active approach as opposed to a more after-the-fact intrusion detection system.
Kind of like watchdogs for memory, and Snort for ports.

Google recently wrote up some advice for hardening KVMs:
https://cloudplatform.googleblog.com/2017/01/7-ways-we-harden-our-KVM-hypervisor-at-Google-Cloud-security-in-plaintext.html
Their number one advice is using a pro-active approach.