Firewall Wizards mailing list archives

RE: Log checking?

From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 30 Sep 2004 14:11:29 -0400

Ben Nagy wrote:

I think there is some mileage to be had in logging the volume of denied
outbound traffic over time.


Anyone who has not ALREADY been doing that for years is in
serious need of cranial examination!!

I can only refer you to:
The song of the ancient firewall practitioners, verse 4:
        If your firewall implements your policy,
        and you don't want your future to get dicy,
        examine your deny logs in detail,
        because the contents can be quite spicy!

Seriously, though...  If the firewall implements policy, and your
policy is your enterprise's security plan, then anyone who thinks
that attempted policy violations aren't interesting is in serious
need of clue.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Log checking?, (continued)
- Re: Log checking? ArkanoiD (Sep 30)
- Re: Log checking? Paul D. Robertson (Sep 30)
- Re: Log checking? Devdas Bhagat (Sep 30)
- Re: Log checking? Mark Tinberg (Sep 30)
  - Re: Log checking? Paul D. Robertson (Sep 30)
- RE: Log checking? Desai, Ashish (Sep 28)
  - Re: Log checking? Adam Shostack (Sep 28)
- RE: Log checking? Luke Butcher (Sep 28)
  - RE: Log checking? Paul D. Robertson (Sep 28)
    - RE: Log checking? Ben Nagy (Sep 30)
    - RE: Log checking? Marcus J. Ranum (Sep 30)
- RE: Log checking? Rodel Collado Urani (Sep 30)
- RE: Log checking? Fiamingo, Frank (Sep 30)
- RE: Log checking? Larry Pitcher (Sep 30)
- RE: Log checking? Luke Butcher (Sep 30)
  - RE: Log checking? Paul D. Robertson (Sep 30)