Firewall Wizards mailing list archives
Re: Network cables as security devices
From: Kevin Steves <stevesk () sweden hp com>
Date: Sun, 27 Sep 1998 23:24:09 +0200 (MET DST)
[old thread, I know..]

On Thu, 27 Aug 1998, Dominique Brezinski wrote:

: This is not an answer to the original question, but rather a different
: approach to the same problem (though more expensive). Another approach is
: to build a second logging network. All machines that need to be logged get
: a second Ethernet interface. Give the logging machine and all the second
: interfaces reserved addresses (10. or 192.168 etc.) and hook them up to a
: hub. Make sure the machines generating the audit data are not routing to
: the logging network, and harden the logging machine to the point where the
: only port listening is the logging service (syslog or whatever).

I've thought of doing this, and it may make sense in certain topologies, but I would be extremely wary about using this approach in a layered perimeter architecture, as it could permit an attacker to bypass chunks of the perimeter. For example, if you have border<->gw0<->gw1<->choke in series, and they're all tied to a shared logging net, a compromise of border may be used to bypass gw0 and gw1 to get to choke. It's not entirely clear if this is what you were proposing, but I wanted to point it out. As always, the devil is in the details.
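The bypass Kevin describes is a property of layer-2 adjacency, so it can be checked on paper before any cable is pulled. The script below is an added example, not part of the original post or anything either author wrote: it models the border<->gw0<->gw1<->choke chain as hosts attached to named segments (all names are constructed for illustration), then flags any pair of in-series devices that share a segment even though the design puts at least one gateway between them. It compares the plain series, the flat shared logging hub as Kevin read the proposal, and a variant with one private log segment per device and a multi-homed, non-forwarding log host.

```python
"""Model a layered perimeter as hosts attached to L2 segments and flag
'bypasses': pairs of in-series devices that share a segment even though the
design puts other gateways between them.  All topologies and names below are
constructed for illustration, not taken from any real network."""
from collections import defaultdict

# Devices in series, outside to inside (names from the post, hypothetical).
CHAIN = ["border", "gw0", "gw1", "choke"]

# Baseline: each device only touches the segments on either side of it.
SERIES = {
    "border": ["outside", "seg0"],
    "gw0":    ["seg0", "seg1"],
    "gw1":    ["seg1", "seg2"],
    "choke":  ["seg2", "inside"],
}

# Variant A: one flat 'lognet' hub shared by every device's second
# interface plus the log host (the reading Kevin warns about).
SHARED_LOGNET = {h: segs + ["lognet"] for h, segs in SERIES.items()}
SHARED_LOGNET["loghost"] = ["lognet"]

# Variant B: one private point-to-point log segment per device; the log host
# is multi-homed onto all of them and is assumed not to forward between them.
SPLIT_LOGNET = {h: segs + [f"log_{h}"] for h, segs in SERIES.items()}
SPLIT_LOGNET["loghost"] = [f"log_{h}" for h in SERIES]


def segment_members(attachments):
    """Invert host -> segments into segment -> hosts."""
    members = defaultdict(set)
    for host, segs in attachments.items():
        for seg in segs:
            members[seg].add(host)
    return members


def directly_reachable(attachments, host):
    """Hosts sharing at least one segment with `host`: what a compromised
    `host` can talk to with no gateway in the way."""
    members = segment_members(attachments)
    reach = set()
    for seg in attachments[host]:
        reach |= members[seg]
    reach.discard(host)
    return reach


def layered_bypasses(attachments, chain=CHAIN):
    """Pairs (a, b) where a sits before b in the chain, at least one gateway
    is supposed to separate them, yet they share a segment."""
    found = []
    for i, a in enumerate(chain):
        reach = directly_reachable(attachments, a)
        for b in chain[i + 2:]:
            if b in reach:
                found.append((a, b))
    return found


if __name__ == "__main__":
    for name, topo in [("series", SERIES),
                       ("shared lognet", SHARED_LOGNET),
                       ("split lognet", SPLIT_LOGNET)]:
        print(f"{name:14s} bypasses: {layered_bypasses(topo) or 'none'}")
```

The shared hub reports border->gw1, border->choke and gw0->choke as bypasses; the series and the split variant report none. The model only counts segment adjacency, so the split variant is clean only under its stated assumption that the log host never forwards; the log host is still adjacent to every tier, which is why Dominique's point about hardening it down to the single syslog listener is the other half of the design.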