Firewall Wizards mailing list archives
RE: Log checking?
From: "Luke Butcher" <Luke.Butcher () alphawest com au>
Date: Wed, 29 Sep 2004 09:00:31 +1000
It's for this reason I always setup IDS(ii?) inside the firewall. I'm only worried about what gets through, what's blocked is history. It also has the nice side effect of monitoring what people inside your network are up to. Which for all practical purposes are the only ones you can actually do anything about. Sometimes if there is no IDS in place (or even if there is depending on the client), I'll log permits on the firewall but only on more generic rules e.g. allow inside to ftp to anywhere. Logging everything can generate too much data, and your signal to noise ratio drops meaning you might miss something. Luke Butcher Network/Security Consultant Alphawest Services Pty Ltd www.alphawest.com.au IBM: Incredibly Bullying Menace -----Original Message----- From: Paul D. Robertson [mailto:paul () compuwar net] I'm just wondering if the subset of folks who actually look at their firewalls mostly looks at denied traffic only, or if it's a common practice to look at the permitted stuff too? If so, what sorts of things are you using, and are you finding anything interesting? _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Log checking? Paul D. Robertson (Sep 28)
- Re: Log checking? Adrian Grigorof (Sep 30)
- Re: Log checking? ArkanoiD (Sep 30)
- Re: Log checking? Paul D. Robertson (Sep 30)
- Re: Log checking? Devdas Bhagat (Sep 30)
- Re: Log checking? Mark Tinberg (Sep 30)
- Re: Log checking? Paul D. Robertson (Sep 30)
- <Possible follow-ups>
- RE: Log checking? Desai, Ashish (Sep 28)
- Re: Log checking? Adam Shostack (Sep 28)
- RE: Log checking? Luke Butcher (Sep 28)
- RE: Log checking? Paul D. Robertson (Sep 28)
- RE: Log checking? Ben Nagy (Sep 30)
- RE: Log checking? Marcus J. Ranum (Sep 30)
- RE: Log checking? Paul D. Robertson (Sep 28)
- RE: Log checking? Rodel Collado Urani (Sep 30)
- RE: Log checking? Fiamingo, Frank (Sep 30)
- RE: Log checking? Larry Pitcher (Sep 30)
- RE: Log checking? Luke Butcher (Sep 30)
- RE: Log checking? Paul D. Robertson (Sep 30)