Firewall Wizards mailing list archives

Re: Event management


From: Magosányi Árpád <mag () bunuel tii matav hu>
Date: Mon, 21 Aug 2000 10:07:50 +0200

My mail client thinks that Chris Trudeau wrote the following:
All,

Looking for an effective means to provide real-time (or as close as
possible) monitoring and event management for security devices....

Requirements:

A=firewall   B=management console

*Traffic from A-->B MUST be encrypted (@ least 3DES)
*Must be portable to Linux and Solaris (Probably no problem)
*Agent/Console IS acceptable
*Must provide for Disk utilization, CPU utilization, Temp alerts (if
available), swap utilization and other OS level alerts
*Must be vendor Neutral (support multiple firewall vendors-specifically
Axent/Checkpoint)

I know there are commercial packages out there, but I only need to
initially implement for a small number.  If this list is monitored by
vendor representatives who want to do a demo, contact me.  The potential
is considerably larger.


If we are talking about only the event handling connected to operation
management (and not security related alerts), the following scheme seems to
work:

All devices run some scripts from cron, which check the health
of the system.
The output of the script is (through the stdin of ssh) sent to the health
monitoring station (which is protected on the level of intranet; untrusted
operators should look at the results, no one can operate on the firewalls
from that station).
On the monitoring station there is a Netsaint, which can be looked at through
http(s).
It can be extended by all bells-and-whistles of Netsaint: bells, 3D, independent
backup stations, and (this has the best hacque level for me, although it has no
real use unless one cannot see) alerts told by the computer with the Festival speech
synthesizer system.

The above meets all the above specified criteria, but we have not talked
about the real question: security alerts.

-- 
GNU GPL: only from a pure source

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
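
The cron-to-ssh reporting scheme described in the message above, as an added example that is not part of the original post: the firewall side emits key=value lines, and the station side runs as an ssh forced command that takes the host name from the key and accepts only known numeric checks. The script path, the `health@monitor` account, the host `fw1`, the thresholds and the `host;check;state;value` output format are assumptions; handing the result lines to Netsaint is not shown.

```shell
#!/bin/sh
# Added example, not from the original post. All names and paths are hypothetical.
#
# Firewall crontab entry (report goes to the station through the stdin of ssh):
#   */5 * * * * /usr/local/sbin/fwhealth.sh report | ssh -T health@monitor
#
# Station ~health/.ssh/authorized_keys, one line per firewall key. The forced
# command fixes the host name, so a firewall cannot report as another host
# and cannot get a shell on the station:
#   command="/usr/local/sbin/fwhealth.sh receive fw1",no-pty,no-port-forwarding <public key>

# Firewall side: print one key=value line per check.
collect_health() {
    # Highest use% over mounted filesystems (POSIX df -P, column 5).
    disk=$(LC_ALL=C df -P | awk 'NR > 1 { sub(/%/, "", $5); if ($5 + 0 > m) m = $5 + 0 }
                                 END { print m + 0 }')
    # 1-minute load average, truncated to an integer.
    load=$(LC_ALL=C uptime | sed 's/.*load average[s]*: *//' | awk '{ print int($1) }')
    printf 'disk_pct=%s\nload1=%s\n' "$disk" "$load"
}

# Station side: $1 is the host name from the forced command, report on stdin.
# Only known keys with short numeric values pass; everything else is counted.
validate_report() {
    head -n 20 | LC_ALL=C awk -v host="$1" '
        BEGIN { warn["disk_pct"] = 85; crit["disk_pct"] = 95
                warn["load1"] = 4;     crit["load1"] = 8 }   # constructed thresholds
        {
            n = split($0, kv, "=")
            if (n == 2 && (kv[1] in warn) && kv[2] ~ /^[0-9][0-9]?[0-9]?$/) {
                v = kv[2] + 0
                state = (v >= crit[kv[1]]) ? "CRITICAL" : (v >= warn[kv[1]]) ? "WARNING" : "OK"
                print host ";" kv[1] ";" state ";" v
            } else bad++
        }
        END { if (bad) print host ";rejected_lines;WARNING;" bad }'
}

case "${1:-}" in
    report)  collect_health ;;
    receive) validate_report "$2" ;;
esac
```

A rejected line is reported as its own warning rather than dropped silently, so a firewall that starts sending malformed reports is visible on the station.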
