Firewall Wizards mailing list archives
RE: WebTrends Alternative
From: "Ken Fox" <kenfox () starlinx com>
Date: Thu, 25 Nov 1999 00:06:52 -0500
If tossing log data around in the DMZ is considered too risky, then a serial (as in RS-232) connection can be made from the FW to the logging device. This pathway can't be hacked through unless the logging device is compromised. Downside, the logging device and the FW have to be placed at the same site. [Ken Fox] Another though is to configure a 3rd interface and dedicate that to your logging output to a specific machine on a specific port. That machine aggregates and/or processes the logs, and is much less hackable. (theoretically) -- now assuming that the interface between the logging box and the firewall(s) is only susceptible to being flooded, thereby crashing the logger, then that system is not *really* a link to the inside network; additionally the 3rd IF would be configured such that it was not trusted. Inorder to use the data from the log box, you'd either need to deal with it only on that box, or have a 2nd interface there which would allow you to export the data to what ever machines / people you needed to.
Current thread:
- WebTrends Alternative Burden, James (Nov 21)
- Correction: Re: WebTrends Alternative Randy Witlicki (Nov 22)
- Re: WebTrends Alternative Siglite (Nov 23)
- Re: WebTrends Alternative Saravana Ram (Nov 24)
- Re: WebTrends Alternative Siglite (Nov 28)
- Re: WebTrends Alternative Steve Anich (Nov 28)
- RE: WebTrends Alternative Matt McClung (Nov 30)
- Re: WebTrends Alternative Saravana Ram (Nov 24)
- <Possible follow-ups>
- RE: WebTrends Alternative Ken Fox (Nov 28)
- RE: WebTrends Alternative Cracknell, Phil (Nov 28)
- RE: WebTrends Alternative Jan van Rensburg (Nov 30)