Re: [fw-wiz] syslog and network management
- From: Dave Piscitello <dave@xxxxxxxxxxx>
- Date: Wed, 20 Feb 2008 14:01:32 -0500
I think the goal here is "distancing log files from attack vectors".
If you are confident that an application does not create an exploitable path to your log server you could *in theory* run that application on the log server.
But, how you configure the system that hosts the log server "plus" applications is important, right? You could run a browser to configure certain firewalls from a log server. You probably want to be careful to not do so as admin, to block (public, Internet zone) browsing where you'd fall victim to a drive-by download.
You don't need much horsepower to collect logs, and you'll probably want to archive from the server, so you might consider the cost of investing in a log-server-only machine against the risk of running more than just log service on a machine.
shadow floating wrote:
thanks a lot patrick, i was not actually asking about the centralized
log server issue as i believe in it...but is it appropriate to add
firewall and router management applications to be installed onto that
server, like ciscoworks and the like?..or it's better to add another
separate management machine in addition to the syslog machine from the
security point of view
thanks a lot
Nad
On Feb 19, 2008 8:35 PM, Darden, Patrick S. <darden@xxxxxxxx> wrote:
Having a centralized log server is actually defined as best
practice. It is generally felt that it should only be
the log server though, all other services turned off,
firewall in place, etc. so it can be inviolate for all
auditing, legal procedures, security traces, etc.
The case for centralized logging:
http://ebuzzsaw.com/whitePapers/Case_for_Centralize_Logging.htm
-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of
shadow floating
Sent: Tuesday, February 19, 2008 10:20 AM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] syslog and network management
Hi all,
is it appropriate from security point of view to have one server in
which syslog is installed to collect logs from all network devices
(firewalls, switches and routers), in addition to installing
management software like ciscoworks on the same machine, in
addition to using this machine as a network time server to sync all
network devices? if yes, does anyone recommend certain specs for this
machine or it can be an ordinary machine with 1 GB of memory and 512
GB hard disk and 3.2 GHz processor.
thanks a lot
regards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
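
One way to check the "only the log server, all other services turned off" condition discussed in this thread, as an added example that is not part of any poster's message: it reads the text printed by `ss -H -tuln` on the log host and reports every network-reachable listener that is not syslog. The allowlist, the function names and the sample output are assumptions constructed for the example.

```python
"""Flag listening sockets on a dedicated log host that are not syslog (`ss -H -tuln` text)."""
import ipaddress

# Assumed policy for this example: syslog on 514/udp and 514/tcp, nothing else.
ALLOWED = {("udp", 514), ("tcp", 514)}

def split_addr(local):
    """Split ss 'addr:port', handling '[::]:514', '*:514' and '%iface' scopes."""
    addr, _, port = local.rpartition(":")
    return addr.strip("[]").split("%")[0], int(port)

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # '*' or unparsable: treat as reachable so it is reported

def audit_listeners(ss_output, allowed=ALLOWED):
    """Return sorted (proto, port, addr) for reachable listeners outside the policy."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        proto = fields[0]
        addr, port = split_addr(fields[4])
        # Loopback-only listeners cannot be reached from the network and are skipped.
        if is_loopback(addr) or (proto, port) in allowed:
            continue
        findings.add((proto, port, addr))
    return sorted(findings)

# Constructed sample: a log host that also runs SSH, NTP and a web management console.
SAMPLE = """\
udp   UNCONN 0      0            0.0.0.0:514        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:123        0.0.0.0:*
tcp   LISTEN 0      25           0.0.0.0:514        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
tcp   LISTEN 0      50                 *:8443             *:*
tcp   LISTEN 0      128             [::]:22            [::]:*
"""

if __name__ == "__main__":
    for proto, port, addr in audit_listeners(SAMPLE):
        print(f"unexpected listener: {proto}/{port} on {addr}")
```

If the host is also meant to serve NTP or accept SSH for administration, pass a wider `allowed` set so that the report reflects the policy actually chosen.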