Re: Hopefully this is an intelligent question

From: Bill Matherly Jr (bmatherlyjr_at_cox.net)
Date: 05/06/03


Date: Tue, 06 May 2003 17:42:30 GMT

Dave Thornburgh wrote:
> "Bill Matherly Jr" <bmatherlyjr@cox.net> wrote in message
> news:1rRta.31381$3n5.17312@news2.central.cox.net...
>
>>So you're suggesting that if I am doing the auditing at the person's
>>physical PC I should go ahead and use the loopback IP, and if I am
>>attempting to audit it remotely just use the server assigned IP?
>
>
>
> Not at all. I'm suggesting that you audit from another PC, using the
> external address of the target. Auditing a PC from that same PC can be
> misleading at best - some services may handle traffic at the loopback
> address differently than traffic at the external address. Also, any
> security measures (installed software firewall, operating system settings,
> etc.) may be less effective against traffic coming from inside that machine,
> no matter what address the traffic is aimed at. The only true test of a
> machine's vulnerabilities has to come from outside.
>
> You may as well just give up on the whole concept of the loopback address -
> it's just not germane to the concept of auditing for security purposes.
>
> Dave

I was afraid you were going to tell me that :]

thanks for the input, Dave

Bill
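
An added example, not part of the original posts: a small Python check of the bind-address half of Dave's point, that the same machine can answer differently on the loopback address than on another address. It assumes a Linux host, where every 127.0.0.0/8 address is local, and uses 127.0.0.2 as a constructed stand-in for the machine's external address; the service names are made up for the demonstration.

```python
import socket

# Constructed sample services: name -> address the service binds to.
# 127.0.0.2 stands in for the host's external address (assumption: Linux).
SERVICES = {
    "loopback-only": "127.0.0.1",
    "external-only": "127.0.0.2",
    "all-interfaces": "0.0.0.0",
}

def listen(bind_addr):
    """Start a TCP listener on an ephemeral port; return (socket, port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((bind_addr, 0))
    s.listen(5)
    return s, s.getsockname()[1]

def is_open(addr, port, timeout=1.0):
    """TCP connect check: True if something accepts on addr:port."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def compare_views(audit_addrs, services):
    """Probe every service at every audit address.

    Returns {service_name: {audit_addr: reachable}} so the loopback view
    and the external view can be compared side by side.
    """
    results = {}
    for name, bind_addr in services.items():
        sock, port = listen(bind_addr)
        try:
            results[name] = {a: is_open(a, port) for a in audit_addrs}
        finally:
            sock.close()
    return results

if __name__ == "__main__":
    views = compare_views(["127.0.0.1", "127.0.0.2"], SERVICES)
    for name, view in views.items():
        print(f"{name:15} loopback={view['127.0.0.1']} external={view['127.0.0.2']}")
```

An audit aimed only at 127.0.0.1 reports the loopback-only service as open and misses the external-only one. It says nothing about the firewall behaviour Dave also mentions, which still has to be tested from another machine.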


