Firewall Wizards mailing list archives
Re: syslog and network management
From: Dave Piscitello <dave () corecom com>
Date: Wed, 20 Feb 2008 14:01:32 -0500
I think the goal here is "distancing log files from attack vectors". If you are confident that an application does not create an exploitable path to your log server you could *in theory* run that application on the log server.
But, how you configure the system that hosts the log server "plus" applications is important, right? You could run a browser to configure certain firewalls from a log server. You probably want to be careful to not do so as admin, to block (public, Internet zone) browsing where you'd fall victim to a drive-by download.
You don't need much horsepower to collect logs, and you'll probably want to archive from the server, so you might consider the cost of investing for a log-server-only machine against the risk of running more than just log service on a machine.
shadow floating wrote:
thanks a lot patrick, i was not actually asking about the centralized log server issue as i believe in it...but is it appropriate to add firewall and router management applications to be installed onto that server, like ciscoworks and the like?..or it's better to add another separate management machine in addition to the syslog machine from the security point of view
thanks a lot
Nad

On Feb 19, 2008 8:35 PM, Darden, Patrick S. <darden () armc org> wrote:
Having a centralized log server is actually defined as best practice. It is generally felt that it should only be the log server though, all other services turned off, firewall in place, etc. so it can be inviolate for all auditing, legal procedures, security traces, etc.
The case for centralized logging: http://ebuzzsaw.com/whitePapers/Case_for_Centralize_Logging.htm

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com]On Behalf Of shadow floating
Sent: Tuesday, February 19, 2008 10:20 AM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] syslog and network management

Hi all, is it appropriate from security point of view to have one server in which syslog is installed to collect logs from all network devices (firewalls, switches and routers), in addition to installing management software to like ciscoworks on the same machine, in addition to using this machine as a network time server to sync all network devices?, if yes does any one recommend certain specs for this machine or it can be an ordinary machine with 1 GB of memory and 512 GB hard disk and 3.2 GHz processor.
thanks a lot
regards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards