Re: [fw-wiz] Acqusition of time

From: R. DuFresne (dufresne@sysinfo.com)
Date: 01/29/03

Next message: Paul D. Robertson: "Re: [fw-wiz] Acqusition of time"
Previous message: Noonan, Wesley: "RE: [fw-wiz] Acqusition of time"
In reply to: Brian Monkman: "[fw-wiz] Acqusition of time"
Next in thread: Paul D. Robertson: "Re: [fw-wiz] Acqusition of time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "R. DuFresne" <dufresne@sysinfo.com>
To: Brian Monkman <bmonkman@comcast.net>
Date: Wed Jan 29 10:28:17 2003

time settings can be very important if only for researching problems and
or abuses via your logs. If the firewalls logs are off by a
day/week/month/<few hours> from your other systems or external systems,
how does one prse their logs to correspond to abuse complaints of issues
with the firewall blocking needed accesses, or not blocking and filtering
accesses properly? Besides there's nothing that makes a systems or
network admin look more lazy at first glance to others <auditors and mgrs,
etc> then poorly set clockings <smile>.

Thanks,

Ron DuFresne

On Wed, 29 Jan 2003, Brian Monkman wrote:

> Folks - I'm having a discussion with a few people and we have a
> question that we are interested in getting comments from the list on.
>
> Are there any situations where a firewall's acqusition of time
> could/should be from a network time source? Not necessarily a public
> source, it could be an "internal" time source.
>
> If there are situations where this makes sense, should these same
> firewalls have battery backed up clocks on board or would that be
> unnecessary?
>
> Brian
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!

Next message: Paul D. Robertson: "Re: [fw-wiz] Acqusition of time"
Previous message: Noonan, Wesley: "RE: [fw-wiz] Acqusition of time"
In reply to: Brian Monkman: "[fw-wiz] Acqusition of time"
Next in thread: Paul D. Robertson: "Re: [fw-wiz] Acqusition of time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Processing time and IDS traffic
... (forensics, anti-virus, IDS, firewalls, etc.) ... What I did was parse the logs into XML records and arranged them into a nice ... strategically placed IDS system and what people get from a IDS system ... - Automatically Control P2P, IM and Spam Traffic ...
(Focus-IDS)
Re: [fw-wiz] Log checking?
... > Back when I had real production firewalls, ... I was analysing squid logs with custom Perl scripts. ... official MTAs to go through generated quite a bit of logging too). ... tunneling was not as popular and/or easy to the general ...
(Firewall-Wizards)
RE: Port 5552?
... Grepping through October's logs, I found a few more on ... > What I can't find is what uses this port. ... Sydney Area Health Service." ...
(Incidents)
Re: Check Point NG Cluster Logging issue
... >couple of hours and The firewall logs locally. ... >When I perform a cprestart member-1, it would log to the SmartCenter ... On the individual firewalls - what is the "local" time. ... As the "time" is incremented by the interrupt, ...
(comp.security.firewalls)