Firewall Wizards mailing list archives
Re: monitoring and controlling servers on internet segment
From: "Patrick Giagnocavo +1.717.201.3366" <patrick () zill net>
Date: Tue, 4 May 2004 10:54:00 -0400
Why not hook up a serial port between the two machines? It would be completely out of band. By having the agent simply log information to that serial port, then have a process on the second machine analyze / parse it, security risks would be minimized.

If you are a Unix shell wizard you could no doubt figure out multiple ways to transfer files or transmit a TCP/IP, unix domain socket, or other communication method over serial.

You could even break off the pins of the serial port which handle transmitting data from the second machine; so any buffer overflow that allowed an attacker to compromise the logging machine could not result in data being retrieved. That is, the cable could be made to be "receive only" from the logging machine's viewpoint.

Of course, this assumes that the agent sending the data is not sending so much that a serial port cannot handle it, and that the machines are physically close enough to each other to run serial cable.

Cordially

Patrick Giagnocavo
patrick () zill net
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
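The receiving side of the one-way serial link described in the message above, as an added example that is not part of the original post: the logging machine only ever reads from the port, caps the length of each record so a hostile sender cannot grow the buffer, and strips control bytes before anything is stored. The device name `/dev/ttyS0`, the 1024-byte cap, the 8N1 framing assumption and all function names are hypothetical.

```python
import os

MAX_LINE = 1024         # assumed cap on one log record, in bytes
DEVICE = "/dev/ttyS0"   # assumed device name on the logging machine

def open_receive_only(path=DEVICE):
    """Open the port read-only and never let it become our controlling terminal."""
    return os.open(path, os.O_RDONLY | os.O_NOCTTY)

def fits_link(bytes_per_sec, baud=9600, bits_per_byte=10):
    """True if the agent's log rate fits the line (8N1 framing: 10 bits per byte)."""
    return bytes_per_sec <= baud / bits_per_byte

def sanitize(raw):
    """Replace bytes outside printable ASCII so records cannot carry control sequences."""
    return "".join(chr(b) if 32 <= b < 127 else "?" for b in raw)

def read_records(fd, max_line=MAX_LINE, chunk=256):
    """Yield (status, text) per newline-terminated record; fd is only ever read."""
    buf, dropping = bytearray(), False
    while True:
        data = os.read(fd, chunk)
        if not data:
            return                      # EOF: an unterminated tail is discarded
        for b in data:
            if b == 0x0A:               # end of record
                if dropping:
                    yield ("oversize", "")
                else:
                    yield ("ok", sanitize(bytes(buf).rstrip(b"\r")))
                buf.clear()
                dropping = False
            elif not dropping:
                if len(buf) >= max_line:
                    buf.clear()         # stop buffering until the next newline
                    dropping = True
                else:
                    buf.append(b)

def demo():
    """Feed constructed sample bytes through a pipe standing in for the serial port."""
    sample = (b"May  4 10:54:00 web1 sshd[411]: Failed password for root\r\n"
              + b"A" * 2000 + b"\n" + b"bad\x1b[2Jline\n" + b"partial")
    r, w = os.pipe()
    os.write(w, sample)
    os.close(w)
    try:
        return list(read_records(r))
    finally:
        os.close(r)
```
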