[fw-wiz] Log checking?
From: Paul D. Robertson (paul_at_compuwar.net)
Date: 09/28/04
- Previous message: Mark Tinberg: "Re: [fw-wiz] The Mathematics of Relative Security"
- Next in thread: Desai, Ashish: "RE: [fw-wiz] Log checking?"
- Maybe reply: Desai, Ashish: "RE: [fw-wiz] Log checking?"
- Maybe reply: Luke Butcher: "RE: [fw-wiz] Log checking?"
- Maybe reply: Paul D. Robertson: "RE: [fw-wiz] Log checking?"
- Reply: Adrian Grigorof: "Re: [fw-wiz] Log checking?"
- Maybe reply: Rodel Collado Urani: "RE: [fw-wiz] Log checking?"
- Maybe reply: Fiamingo, Frank: "RE: [fw-wiz] Log checking?"
- Reply: ArkanoiD: "Re: [fw-wiz] Log checking?"
- Reply: Paul D. Robertson: "Re: [fw-wiz] Log checking?"
- Reply: Devdas Bhagat: "Re: [fw-wiz] Log checking?"
- Reply: Mark Tinberg: "Re: [fw-wiz] Log checking?"
- Maybe reply: Larry Pitcher: "RE: [fw-wiz] Log checking?"
To: firewall-wizards@honor.icsalabs.com
Date: Tue, 28 Sep 2004 16:05:24 -0400 (EDT)

Back when I had real production firewalls, I'd log all the permitted
traffic for a while, then do some analysis of the data to get a
feel for things like tunnels, misbehaving users, etc.

I've always felt that worrying about denied traffic was mostly for sport-
if the firewall's policy blocked it, I wasn't all that worried about much
more than overall trends- what got *through* the firewall seemed to be the
more interesting set of things.

I'm just wondering if the subset of folks who actually look at their
firewalls mostly looks at denied traffic only, or if it's a common
practice to look at the permitted stuff too? If so, what sorts of things
are you using, and are you finding anything interesting?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards