Firewall Wizards mailing list archives
RE: Re: tcpdump on my firewall
From: hesselsp () ashaman dhs org
Date: Sat, 27 Oct 2001 23:12:47 -0400 (EDT)
I have enjoyed reading all the replies to my post. Here are a few comments in response.

1. For those of you telling me to make a decision reflecting my security policy: the policy is simple; only have things on the firewall that are required. The bone of contention here is, is tcpdump required? Luckily I was able to evade this question thanks to the help of Jose Nazario, who gave me a convenient URL to security problems that tcpdump has had in the past. Adding to that was the fact that all of the switches in the network have the required spec that they do port mirroring.

2. For those who suggest simplicity and minimalism is the best idea, I totally agree. I did not have vi in the image until one of the techs made a good case that it was required.

3. Chad Schieken stated,
> 1. this is an invaluable troubleshooting tool. It's helped me develop a detailed understanding of poorly documented transactions/protocols in many situations.
To which I agree completely, but I suggest that it is a tool best left on a laptop that you plug in as necessary.

3. Chad Schieken also asked,
> why did you reject the request in the first place?
My rejection of the request was twofold. Firstly, I reject all first-time requests out of hand unless they are immediately obvious (like some insurance companies I have heard of :). The reader may not like this policy, but it seems for now to be the only solution. Secondly, installation of a piece of software that is not strictly required is against my policy.

5. Frederick M Avolio asked why I don't push it back to the tech and ask him for justification of why it should be on the firewall. Fred was also quite disturbed that the tech might have an account on the firewall. Well, this is my fault for not explaining very well. The easiest way to think of my situation is that I am designing/prototyping/implementing the firewall and he is going to administer (read monitor) it. He isn't allowed to install software without my say, but he certainly can strongly suggest things to be put on it. When this firewall makes its way into the field, I SHALL NOT (rfc2119) have an account on these machines. If it sounds strange.... well... there are a lot of strange things out there :)

6. That tcpdump is a useful utility I agree. That tcpdump is a utility that should be on my firewall I disagree. While it is the case that anyone who roots my firewall can install libpcap and tcpdump on their own I will give to you. But why should I do them the favour of installing it myself?

Thank you everyone for your help to this point,

--
-- Paul

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards