Firewall Wizards mailing list archives

Re: monitoring and controlling servers on internet segment


From: "Patrick Giagnocavo +1.717.201.3366" <patrick () zill net>
Date: Tue, 4 May 2004 10:54:00 -0400


Why not hook up a serial port between the two machines? It would be
completely out of band.

By having the agent simply log information to that serial port, then
having a process on the second machine analyze / parse it, security
risks would be minimized. If you are a Unix shell wizard you could no
doubt figure out multiple ways to transfer files or to carry TCP/IP, a
Unix domain socket, or another communication method over serial.

You could even break off the pins of the serial port which handle
transmitting data from the second machine, so any buffer overflow that
allowed an attacker to compromise the logging machine could not result
in data being retrieved. That is, the cable could be made to be
"receive only" from the logging machine's viewpoint.

Of course, this assumes that the agent sending the data is not sending
so much that a serial port cannot handle it, and that the machines are
physically close enough to each other to run serial cable.

Cordially,

Patrick Giagnocavo
patrick () zill net
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
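What the receiving side of such a receive-only serial link might look like, as an added example (this is not code from the post's author or the list). It assumes a record framing the post does not specify: the agent writes one record per line as `<seq>|<text>`, so that the logging host can notice dropped or corrupted records on a link that has no back-channel for acknowledgements. It also includes the capacity check the last paragraph alludes to, so an operator can decide whether a given baud rate can carry the expected log volume. The sample byte stream is constructed for the example.

```python
import io
import re

# Record framing assumed for this example (not specified in the original post):
# "<seq>|<text>\n".  A sequence number lets the receiving host notice dropped
# or corrupted records, which matters on a simplex link with no ACK path.
RECORD_RE = re.compile(rb"^(\d+)\|(.*)$")


def serial_capacity_bytes_per_sec(baud, data_bits=8, parity=False, stop_bits=1):
    """Payload bytes per second for an asynchronous serial line.

    Every byte costs one start bit, the data bits, an optional parity bit
    and the stop bit(s); e.g. 115200 baud 8N1 carries 11520 bytes/s.
    """
    bits_per_byte = 1 + data_bits + (1 if parity else 0) + stop_bits
    return baud // bits_per_byte


def link_can_sustain(baud, avg_record_bytes, records_per_sec, headroom=0.8):
    """True if the expected log volume fits within `headroom` of line capacity."""
    needed = avg_record_bytes * records_per_sec
    return needed <= serial_capacity_bytes_per_sec(baud) * headroom


class SerialLogReceiver:
    """Reassembles newline-delimited records from a byte stream that may
    arrive in arbitrary chunks, and tracks sequence gaps and malformed lines."""

    def __init__(self):
        self._buf = b""
        self.expected_seq = None
        self.records = []    # (seq, text) in arrival order
        self.gaps = []       # (expected_seq, received_seq) whenever seq jumps
        self.malformed = 0   # lines that did not match the framing

    def feed(self, chunk):
        """Accept raw bytes as read from the device; a record may span chunks."""
        self._buf += chunk
        while b"\n" in self._buf:
            line, self._buf = self._buf.split(b"\n", 1)
            self._handle_line(line.rstrip(b"\r"))

    def _handle_line(self, line):
        m = RECORD_RE.match(line)
        if m is None:
            self.malformed += 1   # line noise, or a record cut short by an overrun
            return
        seq = int(m.group(1))
        text = m.group(2).decode("ascii", errors="replace")
        if self.expected_seq is not None and seq != self.expected_seq:
            self.gaps.append((self.expected_seq, seq))
        self.expected_seq = seq + 1
        self.records.append((seq, text))


def read_from_stream(stream, receiver, chunk_size=64):
    """Pump a file-like object into the receiver until EOF and return it.

    On a real host `stream` would be the serial device opened read-only,
    e.g. open("/dev/ttyS0", "rb", buffering=0) after configuring the line
    with `stty -F /dev/ttyS0 115200 raw` (assumed setup, Linux with GNU stty).
    """
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        receiver.feed(chunk)
    return receiver


def run_example():
    """Constructed sample: records split across reads (chunk_size=20), a
    garbage line standing in for line noise, and a jump from seq 2 to 5
    (two records lost somewhere before the receiver saw them)."""
    sample = (
        b"1|sshd: accepted publickey for alice\n"
        b"2|kernel: eth0 link up\n"
        b"\x00\xff\xfe noise\n"
        b"5|cron: job finished\n"
    )
    return read_from_stream(io.BytesIO(sample), SerialLogReceiver(), chunk_size=20)


if __name__ == "__main__":
    r = run_example()
    print("records:", r.records)
    print("gaps:", r.gaps, "malformed:", r.malformed)
    print("115200 8N1 capacity (bytes/s):", serial_capacity_bytes_per_sec(115200))
```

Because the logging host cannot ask for a retransmission, the useful outputs are the gap list and the malformed-line counter: a non-empty gap list means the sender outran the line or the receiver's buffer, and a rising malformed count usually means cabling or baud-rate trouble, both of which are worth alerting on rather than silently tolerating.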

