Firewall Wizards mailing list archives
RE: Re: tcpdump on my firewall
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 28 Oct 2001 13:21:53 -0500 (EST)
One quick question: if the OS the fw runs on is Sun based, do you make sure snoop is removed also?

Oops, make that two quick questions, the second being: if you have no account on the fw at all, who monitors or audits the system to make sure it is policy compliant?

Thanks,

Ron DuFresne

On Sat, 27 Oct 2001 hesselsp () ashaman dhs org wrote:
> I have enjoyed reading all the replies to my post. Here are a few comments in response.
>
> 1. For those of you telling me to make a decision reflecting my security policy: the policy is simple; only have things on the firewall that are required. The bone of contention here is, is tcpdump required? Luckily I was able to evade this question thanks to the help of Jose Nazario, who gave me a convenient URL to security problems that tcpdump has had in the past. Adding to that was the fact that all of the switches in the network have the required spec that they do port mirroring.
>
> 2. For those who suggest simplicity and minimalism is the best idea, I totally agree. I did not have vi in the image until one of the techs made a good case that it was required.
>
> 3. Chad Schieken stated, "1. this is an invaluable troubleshooting tool. It's helped me develop a detailed understanding of poorly documented transactions/protocols in many situations." To which I agree completely, but I suggest that it is a tool best left on a laptop that you plug in as necessary.
>
> 4. Chad Schieken also asked, "why did you reject the request in the first place?" My rejection of the request was twofold. Firstly, I reject all first-time requests out of hand unless they are immediately obvious (like some insurance companies I have heard of :). The reader may not like this policy, but it seems for now to be the only solution. Secondly, installation of a piece of software that is not strictly required is against my policy.
>
> 5. Frederick M Avolio asked why I don't push it back to the tech and ask him for justification of why it should be on the firewall. Fred was also quite disturbed that the tech might have an account on the firewall. Well, this is my fault for not explaining very well. The easiest way to think of my situation is that I am designing/prototyping/implementing the firewall and he is going to administer (read: monitor) it. He isn't allowed to install software without my say, but he certainly can strongly suggest things to be put on it. When this firewall makes its way into the field, I SHALL NOT (RFC 2119) have an account on these machines. If it sounds strange.... well... there are a lot of strange things out there :)
>
> 6. That tcpdump is a useful utility I agree. That tcpdump is a utility that should be on my firewall I disagree. While it is the case that anyone who roots my firewall can install libpcap and tcpdump on their own, I will give to you. But why should I do them the favour of installing it myself?
>
> Thank you everyone for your help to this point,
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: darkstar.sysinfo.com
http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
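One concrete way to answer the "who audits the box for policy compliance" question above, added here as an example and not code from anyone in the thread: a POSIX sh check that a firewall image (the live root or a mounted image) carries none of the capture tooling the thread discusses, tcpdump and libpcap on the Linux/BSD side and snoop on Solaris. The directory list and the forbidden-tool list are assumptions to adapt to the local policy.

```shell
#!/bin/sh
# Added example: audit a firewall image for packet-capture tooling that a
# minimal-install policy forbids. Tool and directory lists are assumptions.

FORBIDDEN_BINS="tcpdump snoop tshark"   # assumed policy list
FORBIDDEN_LIBS="libpcap"                # sonames matched by prefix
BIN_DIRS="usr/sbin usr/bin sbin bin usr/local/sbin usr/local/bin"
LIB_DIRS="lib usr/lib usr/local/lib lib64 usr/lib64"

# audit_image ROOT
# Prints one VIOLATION line per forbidden binary or library found under
# ROOT (default /). Exit status 0 means compliant, 1 means something found.
audit_image() {
    root="${1:-/}"
    root="${root%/}"          # strip trailing slash so paths join cleanly
    violations=0
    for dir in $BIN_DIRS; do
        for tool in $FORBIDDEN_BINS; do
            if [ -e "$root/$dir/$tool" ]; then
                echo "VIOLATION: $root/$dir/$tool present"
                violations=$((violations + 1))
            fi
        done
    done
    for dir in $LIB_DIRS; do
        for lib in $FORBIDDEN_LIBS; do
            # glob so versioned sonames (libpcap.so.0.9.4) are caught too;
            # an unmatched glob stays literal, which the -e test rejects
            for f in "$root/$dir/$lib"*; do
                [ -e "$f" ] || continue
                echo "VIOLATION: $f present"
                violations=$((violations + 1))
            done
        done
    done
    [ "$violations" -eq 0 ]
}

# Usage from cron or a build pipeline, e.g.:  sh audit_fw.sh /mnt/fw-image
if [ $# -gt 0 ]; then
    audit_image "$1"
fi
```

Run it from the build host against the mounted image before release, and from a monitoring host against the live root afterwards, so the absence of tcpdump/snoop is checked rather than assumed.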
Current thread:
- tcpdump on my firewall hesselsp (Oct 26)
- Re: tcpdump on my firewall Jose Nazario (Oct 26)
- Re: tcpdump on my firewall Frederick M Avolio (Oct 26)
- Re: tcpdump on my firewall Chad Schieken (Oct 27)
- RE: Re: tcpdump on my firewall hesselsp (Oct 28)
- RE: Re: tcpdump on my firewall R. DuFresne (Oct 28)
- RE: Re: tcpdump on my firewall hesselsp (Oct 28)
- Re: tcpdump on my firewall Chad Schieken (Oct 27)
- Re: tcpdump on my firewall hermit1 (Oct 27)
- Re: tcpdump on my firewall Barney Wolff (Oct 28)
- <Possible follow-ups>
- RE: tcpdump on my firewall Ames, Neil (Oct 26)
- RE: tcpdump on my firewall J B (Oct 27)
- Re: tcpdump on my firewall Matthew Jach (Oct 29)
- Re: tcpdump on my firewall Brian Ford (Oct 31)