[lug] logs

D. Stimits stimits at idcomm.com
Tue Jul 31 00:52:33 MDT 2001


Sean Reifschneider wrote:
> 
> On Mon, Jul 30, 2001 at 03:03:57PM -0600, D. Stimits wrote:
> >this feature as the very first command run. And the machine doing the
> >final receive (e.g.,
> >firewall->ISP->log_machine_firewalled_from_firewall) can be totally
> >blocked from direct access by the firewall. One could even conceive of
> 
> Wow, you're recommending that having the log machine accessible by your
> ISPs machines would increase security?  In this scenario, I wouldn't be
> surprised if the mail log machine were compromised *BEFORE* the firewall in
> question.  ;-/

Just a sample of separation. Not a good sample. But would you suggest
that an exact copy of the cracked firewall is a good place to hold logs,
when the cracked machine has a direct interface to it? I'm not talking
about script kiddies, I'm talking about real crackers. FYI, I agree that
there are a lot of holes in a lot of alternate schemes, and that
complexity makes it easier for something to go wrong. But I'm equally
convinced that a well secured RH 7.1 firewall, when compromised, can't
log to another RH 7.1 firewall safely.

D. Stimits, stimits at idcomm.com

> 
> Sean
> --
>  I keep just enough vi knowledge in my head so that I can edit a Makefile
>  and build Emacs.  -- Tony Foiani, 1999
> Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug


