Re: [fw-wiz] syslog and network management



I think the goal here is "distancing log files from attack vectors".

If you are confident that an application does not create an exploitable path to your log server you could *in theory* run that application on the log server.

But, how you configure the system that hosts the log server "plus" applications is important, right? You could run a browser to configure certain firewalls from a log server. You probably want to be careful to not do so as admin, to block (public, Internet zone) browsing where you'd fall victim to a drive-by download.

You don't need much horsepower to collect logs, and you'll probably want to archive from the server, so you might consider the cost of investing in a log-server-only machine against the risk of running more than just the log service on a machine.

shadow floating wrote:
thanks a lot Patrick, I was not actually asking about the centralized
log server issue as I believe in it... but is it appropriate to add
firewall and router management applications to be installed onto that
server, like CiscoWorks and the like? Or is it better to add another
separate management machine in addition to the syslog machine from the
security point of view?

thanks a lot

Nad

On Feb 19, 2008 8:35 PM, Darden, Patrick S. <darden@xxxxxxxx> wrote:
Having a centralized log server is actually defined as best
practice. It is generally felt that it should only be
the log server though, all other services turned off,
firewall in place, etc. so it can be inviolate for all
auditing, legal procedures, security traces, etc.

The case for centralized logging:
http://ebuzzsaw.com/whitePapers/Case_for_Centralize_Logging.htm




-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of
shadow floating
Sent: Tuesday, February 19, 2008 10:20 AM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] syslog and network management


Hi all,
is it appropriate from a security point of view to have one server on
which syslog is installed to collect logs from all network devices
(firewalls, switches and routers), in addition to installing
management software like CiscoWorks on the same machine, in
addition to using this machine as a network time server to sync all
network devices? If yes, does anyone recommend certain specs for this
machine, or can it be an ordinary machine with 1 GB of memory and 512
GB hard disk and 3.2 GHz processor?

thanks a lot

regards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

begin:vcard
fn:David Piscitello
n:Piscitello;David
adr;dom:;;3 Myrtle Bank Lane;Hilton Head;SC;29926
email;internet:dave@xxxxxxxxxxx
x-mozilla-html:FALSE
url:http://hhi.corecom.com/weblogindex.htm
version:2.1
end:vcard
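
Added example, not part of any message in this thread: one way to check that a host meant to be "only the log server" exposes nothing else, by comparing its listening sockets against an allowlist. The allowlist (syslog on 514 plus SSH for administration), the function names and the sample `ss -H -tuln` output are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy for a dedicated log host: syslog over UDP/TCP plus SSH for admin.
ALLOWED = {("udp", 514), ("tcp", 514), ("tcp", 22)}

# Constructed sample in the column layout of `ss -H -tuln`.
# Port 1741 stands in for a management application's web listener.
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:514        0.0.0.0:*
tcp   LISTEN 0      25           0.0.0.0:514        0.0.0.0:*
udp   UNCONN 0      0          127.0.0.1:323        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      100          0.0.0.0:1741       0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        # Drop IPv6 brackets and any %interface scope suffix.
        addr = addr.strip("[]").split("%")[0]
        yield proto, addr, int(port)

def is_loopback(addr):
    """Loopback-only listeners are not reachable from the network."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" (wildcard) or unparsable: treat as exposed

def unexpected_listeners(ss_output, allowed=ALLOWED):
    """Return network-reachable listeners that the policy does not allow."""
    found = set()
    for proto, addr, port in parse_listeners(ss_output):
        if not is_loopback(addr) and (proto, port) not in allowed:
            found.add((proto, addr, port))
    return sorted(found)

if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE_SS):
        print(f"unexpected listener: {proto} {addr}:{port}")
```

If the same host is also to serve time, as the original question proposes, that is a deliberate policy change: pass `ALLOWED | {("udp", 123)}` rather than widening the default.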
