Re: [fw-wiz] Log checking?

From: ArkanoiD (ark_at_eltex.net)
Date: 09/29/04

    To: "Paul D. Robertson" <paul@compuwar.net>
    Date: Wed, 29 Sep 2004 18:47:43 +0400
    
    

    nuqneH,

    Sure we do. If ssh and ssl are permitted, it is mandatory to look for
    statistics and destinations, otherwise users will use it to tunnel.
    Actually, this applies to all protocols.

    On Tue, Sep 28, 2004 at 04:05:24PM -0400, Paul D. Robertson wrote:
    > Back when I had real production firewalls, I'd log all the permitted
    > traffic for a while, then do some analysis of the data to get a
    > feel for things like tunnels, misbehaving users, etc.
    >
    > I've always felt that worrying about denied traffic was mostly for sport-
    > if the firewall's policy blocked it, I wasn't all that worried about much
    > more than overall trends- what got *through* the firewall seemed to be the
    > more interesting set of things.
    >
    > I'm just wondering if the subset of folks who actually look at their
    > firewalls mostly looks at denied traffic only, or if it's a common
    > practice to look at the permitted stuff too? If so, what sorts of things
    > are you using, and are you finding anything interesting?
    >
    > Paul
    > -----------------------------------------------------------------------------
    > Paul D. Robertson "My statements in this message are personal opinions
    > paul@compuwar.net which may have no basis whatsoever in fact."
    > probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
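
Added example, not part of the original messages: one way to pull the "statistics and destinations" for permitted ssh/ssl traffic out of a connection log and list flows worth a manual look. The CSV record layout, the sample rows, and both thresholds are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed permitted-connection records: src,dst,dport,duration_s,bytes_out,bytes_in
SAMPLE_LOG = """\
10.0.0.11,198.51.100.10,443,12,2100,48000
10.0.0.11,203.0.113.7,22,120,9000,14000
10.0.0.14,203.0.113.99,443,28800,310000000,295000000
10.0.0.14,203.0.113.99,443,27000,280000000,120000000
10.0.0.12,192.0.2.50,22,30600,45000000,51000000
"""
WATCHED_PORTS = {22, 443}       # ssh and ssl, as in the message
LONG_SESSION_S = 4 * 3600       # assumed threshold: 4 hours
MIN_BYTES = 10 * 1024 * 1024    # assumed threshold: 10 MiB sent

def summarize(log_text):
    """Per (src, dst, dport) statistics for permitted flows on watched ports."""
    stats = defaultdict(lambda: {"sessions": 0, "max_s": 0, "out": 0, "in": 0})
    for src, dst, dport, dur, b_out, b_in in csv.reader(io.StringIO(log_text)):
        if int(dport) in WATCHED_PORTS:
            s = stats[(src, dst, int(dport))]
            s["sessions"] += 1
            s["max_s"] = max(s["max_s"], int(dur))
            s["out"] += int(b_out)
            s["in"] += int(b_in)
    return stats

def review_candidates(stats):
    """Return [(flow, reasons)] for flows whose shape deserves a human look."""
    sources_per_dst = defaultdict(set)
    for src, dst, _ in stats:
        sources_per_dst[dst].add(src)
    flagged = []
    for flow, s in sorted(stats.items()):
        reasons = []
        if s["max_s"] >= LONG_SESSION_S:
            reasons.append("long-lived session")
        if s["out"] >= MIN_BYTES and s["out"] >= s["in"]:
            reasons.append("upload-heavy")
        if reasons and len(sources_per_dst[flow[1]]) == 1:
            reasons.append("destination used by one host")
        if reasons:
            flagged.append((flow, reasons))
    return flagged

if __name__ == "__main__":
    for flow, reasons in review_candidates(summarize(SAMPLE_LOG)):
        print(flow, "->", ", ".join(reasons))
```

The thresholds only mean something relative to a site's own baseline of permitted traffic, which is what logging it "for a while" first provides.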