Bootable CD w/OS for firewall
miah
jjohnson at sunrise-linux.com
Wed Sep 15 10:57:40 EDT 2004
On Wed, Sep 15, 2004 at 10:54:45AM -0400, Don Levey wrote:
> wrote:
> > On Wed, Sep 15, 2004 at 10:23:47AM -0400, Don Levey wrote:
> >> A quick reboot will solve all of that - the same files come up
> >> again, just as I burned them.
> >
> > Which may get you immediately re-owned, if that's all you do.
> >
> >> Keeping a hard disk around for logs means that, well, I can keep
> >> logs of any activity. Very useful; that's why we have them.
> >
> > A potentially better solution is to log remotely to a different
> > machine connected to your side of the firewall. Then if the machine
> > is compromised, it's much less likely (if you've taken appropriate
> > measures) that the system's logs will be modified at the time of the
> > compromise. They'll be on a different machine entirely, which may
> > (should) not have easy attack vectors from the firewall box.
>
> Good points, both. I'd need to have the machine up so that I can figure out
> what I need to fix, so hopefully after a reboot I'd have at least a little
> time. How would I go about logging remotely? It's not as if I could
> NFS-mount another drive, that'd be subject to the same problem.
syslog supports remote logging.
-miah
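
The remote logging discussed above, as an added example that is not part of the original thread and not any syslog daemon's own code: the firewall formats an RFC 3164 message and sends it over UDP, and the log host records the peer address and its own receive time next to whatever the sender claims. The host name `fw1`, the sample log line and the loopback collector are constructed for the demonstration.

```python
import re
import socket
import time

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
FACILITY_AUTH, SEVERITY_WARNING = 4, 4   # RFC 3164 numeric codes
LINE = re.compile(rb"<(\d{1,3})>(.{15}) (\S+) ([^:\s]+): (.*)", re.S)


def build_message(facility, severity, host, tag, text, now=None):
    """Firewall side: format one RFC 3164 datagram, <PRI>TIMESTAMP HOST TAG: MSG."""
    t = time.localtime(now)
    # RFC 3164 pads single-digit days with a space ("Sep  5"), so the stamp is 15 bytes.
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                       t.tm_hour, t.tm_min, t.tm_sec)
    line = "<%d>%s %s %s: %s" % (facility * 8 + severity, stamp, host, tag, text)
    return line.encode()[:1024]           # RFC 3164 caps a packet at 1024 bytes


def parse_message(datagram, peer_ip, received_at):
    """Log-host side: decode one datagram and add what the collector itself observed."""
    record = {"peer": peer_ip, "received": received_at}   # not taken from the message
    m = LINE.match(datagram)
    if not m:
        record["raw"] = datagram          # keep malformed input; it may be evidence
        return record
    pri = int(m.group(1))
    stamp, host, tag, text = (g.decode(errors="replace") for g in m.groups()[1:])
    record.update(facility=pri >> 3, severity=pri & 7, claimed_time=stamp,
                  claimed_host=host, tag=tag, text=text)
    return record


def demo():
    """Send one message across loopback; a real log host listens on UDP port 514."""
    collector = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    collector.bind(("127.0.0.1", 0))      # constructed stand-in for the log host
    collector.settimeout(2)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender.sendto(build_message(FACILITY_AUTH, SEVERITY_WARNING, "fw1", "firewall",
                                "DROP IN=eth0 SRC=192.0.2.7"), collector.getsockname())
    data, (peer_ip, _port) = collector.recvfrom(2048)
    sender.close()
    collector.close()
    return parse_message(data, peer_ip, time.time())


if __name__ == "__main__":
    print(demo())
```

Because the transport is plain UDP, the firewall only needs outbound access to the log host's syslog port, and the log host needs no service the firewall could log in to.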