Firewall Wizards mailing list archives
RE: Log checking?
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 30 Sep 2004 14:11:29 -0400
Ben Nagy wrote:
I think there is some mileage to be had in logging the volume of denied outbound traffic over time.
Anyone who has not ALREADY been doing that for years is in serious need of cranial examination!! I can only refer you to: The song of the ancient firewall practitioners, verse 4: If your firewall implements your policy, and you don't want your future to get dicy, examine your deny logs in detail, because the contents can be quite spicy! Seriously, though... If the firewall implements policy, and your policy is your enterprise's security plan, then anyone who thinks that attempted policy violations aren't interesting is in serious need of clue. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Log checking?, (continued)
- Re: Log checking? ArkanoiD (Sep 30)
- Re: Log checking? Paul D. Robertson (Sep 30)
- Re: Log checking? Devdas Bhagat (Sep 30)
- Re: Log checking? Mark Tinberg (Sep 30)
- Re: Log checking? Paul D. Robertson (Sep 30)
- RE: Log checking? Desai, Ashish (Sep 28)
- Re: Log checking? Adam Shostack (Sep 28)
- RE: Log checking? Luke Butcher (Sep 28)
- RE: Log checking? Paul D. Robertson (Sep 28)
- RE: Log checking? Ben Nagy (Sep 30)
- RE: Log checking? Marcus J. Ranum (Sep 30)
- RE: Log checking? Paul D. Robertson (Sep 28)
- RE: Log checking? Rodel Collado Urani (Sep 30)
- RE: Log checking? Fiamingo, Frank (Sep 30)
- RE: Log checking? Larry Pitcher (Sep 30)
- RE: Log checking? Luke Butcher (Sep 30)
- RE: Log checking? Paul D. Robertson (Sep 30)