[PLUG] redhat 8.0, ip forwarding, routing.

Jeme A Brelin jeme at brelin.net
Fri Nov 8 23:00:33 UTC 2002


On Fri, 8 Nov 2002, Sum Wu wrote:
> How are you :).... Anyhow... ppl want a hard drive on a firewall maybe
> because one wants to do iptables logging, network monitor, IDS, and
> other statistic collection and trending goodies.. well, you need some
> space for the system to write to..

I just figure you should do your logging on a remote host because your
firewall is your first point of contact and likely your first point of
compromise.  If you're logging locally, the logs can be modified, but if
you log to a remote host (or MULTIPLE remote hosts), you reduce the risk
of log tampering by an intruder.

Also, I would put intrusion detection on the systems providing services,
but what sort of intrusion detection is useful on a system with nothing
but a read-only filesystem?  The best you could do is log analysis, which
can be done on the remote loghost in the first place.

Statistic collection for the local host can be done on the remote logging
host and statistic collection for remote hosts shouldn't be done on the
firewall because it would require opening more listening ports.

I guess I'm a firewall minimalist.

J.
--
   -----------------
     Jeme A Brelin
    jeme at brelin.net
   -----------------
 [cc] counter-copyright
 http://www.openlaw.org
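
Added example, not part of the original message: a sketch of the log analysis and statistics collection the post places on the remote loghost, plus a cross-check between the copies held by two loghosts. The log lines, the `FW-DROP:` prefix, the host name `fw` and the function names are constructed for illustration, and the lines are abbreviated iptables LOG records; it assumes both loghosts store the forwarded line verbatim.

```python
import re
from collections import Counter

# Constructed sample: the firewall's iptables LOG lines as stored on loghost A.
# Addresses come from the documentation ranges; records are abbreviated.
LOGHOST_A = """\
Nov  8 22:58:01 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN
Nov  8 22:58:03 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=23 SYN
Nov  8 22:58:09 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.1 LEN=78 TTL=110 PROTO=UDP SPT=1026 DPT=137
Nov  8 22:59:30 fw sshd[412]: constructed non-firewall line
""".splitlines()
# Loghost B's copy, constructed with the second record missing.
LOGHOST_B = [line for i, line in enumerate(LOGHOST_A) if i != 1]

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of an iptables LOG line, or None for other lines."""
    if " kernel: " not in line or "SRC=" not in line:
        return None
    return dict(FIELD.findall(line.split(" kernel: ", 1)[1]))

def drop_stats(lines):
    """Count logged packets per (source, protocol, destination port)."""
    stats = Counter()
    for rec in filter(None, map(parse, lines)):
        stats[(rec["SRC"], rec["PROTO"], rec.get("DPT", "-"))] += 1
    return stats

def missing_from(reference, other):
    """Lines present in the reference copy but absent from the other copy."""
    seen = Counter(other)
    out = []
    for line in reference:
        if seen[line] > 0:
            seen[line] -= 1
        else:
            out.append(line)
    return out

if __name__ == "__main__":
    for key, n in drop_stats(LOGHOST_A).most_common():
        print(n, *key)
    for line in missing_from(LOGHOST_A, LOGHOST_B):
        print("only on loghost A:", line)
```

A line found on only one loghost is a reason to look closer rather than proof of tampering, since classic syslog forwarding over UDP can also drop messages.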




