Re: [fw-wiz] More Syslog Questions
From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
Date: 07/19/04
- Previous message: Melson, Paul: "RE: [fw-wiz] Firewalling at the domain users level instead of network level"
- In reply to: Nathaniel Hall: "[fw-wiz] More Syslog Questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Tue, 20 Jul 2004 01:58:09 +0530
On 19/07/04 08:10 -0500, Nathaniel Hall wrote:
<snip>
> Server 1 is connected to the main network. Server 2 is connected to Server
> 1 using a cross over cable. Server 2 listens in promiscuous mode.
> Physically the servers are secure and the only way to access Server 2 is
> through KVM over IP.
A more commonly proposed solution is to send the logs to server 1 and
have server 2 on a spanned/mirrored port on the same switch. Server 2
has no IP address on the network interface attached to the switch. Grab
port 514/UDP traffic and dump to disk.
Server 2 has a separate physical interface which can be reached from a
different management subnet.
IMHO, a server with a variant of syslogd listening on all ports and ssh
only from a single host should be good enough. If the host has two
physical interfaces, put them on two physically separate networks and
have sshd listen only on the management interface.
This protects you from everything except a syslogd exploit.
Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Melson, Paul: "RE: [fw-wiz] Firewalling at the domain users level instead of network level"
- In reply to: Nathaniel Hall: "[fw-wiz] More Syslog Questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
