RE: [fw-wiz] Log checking?
From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 09/30/04
- Previous message: Devdas Bhagat: "Re: [fw-wiz] Log checking?"
- In reply to: Ben Nagy: "RE: [fw-wiz] Log checking?"
- Next in thread: Paul D. Robertson: "RE: [fw-wiz] Log checking?"
To: "Ben Nagy" <ben@iagu.net>, <firewall-wizards@honor.icsalabs.com>
Date: Thu, 30 Sep 2004 14:11:29 -0400
Ben Nagy wrote:
>I think there is some mileage to be had in logging the volume of denied
>outbound traffic over time.
Anyone who has not ALREADY been doing that for years is in
serious need of cranial examination!!
I can only refer you to:
The song of the ancient firewall practitioners, verse 4:
If your firewall implements your policy,
and you don't want your future to get dicey,
examine your deny logs in detail,
because the contents can be quite spicy!
Seriously, though... If the firewall implements policy, and your
policy is your enterprise's security plan, then anyone who thinks
that attempted policy violations aren't interesting is in serious
need of clue.
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
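
Added example (not part of the original message or the list archive): one way to track the volume of denied outbound traffic per hour and flag hours far above the median, naming the top offending internal host. The netfilter-style log format, the "FW-DENY-OUT" prefix, the addresses and the 3x threshold are assumptions, and the sample log is constructed.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed format: netfilter LOG lines written with a hypothetical prefix "FW-DENY-OUT".
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d{2}):\d{2}:\d{2} \S+ kernel: FW-DENY-OUT .*?"
    r"SRC=(\S+) DST=\S+ .*?PROTO=(\S+)(?: SPT=\d+ DPT=(\d+))?"
)

def build_sample():
    """Constructed log: quiet hours plus one internal host hammering port 25."""
    rows = [("12", "10.0.0.5", 123, 2), ("13", "10.0.0.7", 53, 3),
            ("14", "10.0.0.23", 25, 40), ("15", "10.0.0.5", 123, 2)]
    lines = [
        f"Sep 30 {hour}:{i:02d}:00 fw kernel: FW-DENY-OUT IN=eth1 OUT=eth0 "
        f"SRC={src} DST=203.0.113.9 LEN=60 PROTO=TCP SPT=40000 DPT={dport}"
        for hour, src, dport, n in rows for i in range(n)
    ]
    # A permitted connection: must not be counted as a policy violation.
    lines.append("Sep 30 14:59:00 fw kernel: FW-ACCEPT IN=eth1 OUT=eth0 "
                 "SRC=10.0.0.5 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=40000 DPT=443")
    return "\n".join(lines)

def denied_outbound_by_hour(text):
    """Return {hour: Counter{(src, proto, dport): denies}} for denied outbound lines."""
    buckets = defaultdict(Counter)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hour, src, proto, dport = m.groups()
            buckets[hour][(src, proto, dport)] += 1
    return buckets

def spikes(buckets, factor=3):
    """Hours whose deny volume exceeds factor x the median hour, with the top offender."""
    totals = {hour: sum(c.values()) for hour, c in buckets.items()}
    if not totals:
        return {}
    baseline = median(totals.values())
    return {hour: buckets[hour].most_common(1)[0]
            for hour, n in totals.items() if n > factor * baseline}

if __name__ == "__main__":
    buckets = denied_outbound_by_hour(build_sample())
    for hour in sorted(buckets):
        print(hour, sum(buckets[hour].values()))
    for hour, (who, n) in spikes(buckets).items():
        print("SPIKE", hour, who, n)
```
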