[clue-tech] New territory

William wlist-clue at kimballstuff.com
Thu Feb 9 21:58:10 MST 2006


Match Grun wrote:
> I have previously used a Linksys firewall. However, it suffered a
> problem in that you could not see a log of packets from people trying to
> hack into your network. Since these devices have no hard drives,
> where do you store these? A log server behind the firewall. Another box
> that needs to be maintained. Also, these devices have embedded OSes
> that are difficult or impossible to upgrade.

Well, just to be sure that both sides are fully and fairly represented, 
I'll answer to this.  Many Linksys devices can store their log to RAM, 
from which you can indeed see your logs.  This negates the need to 
maintain another box.  To the last comment, I find that Cisco devices 
are particularly easy to apply firmware updates to.  I have never 
attempted to update Linksys devices.

To share my experience, I use Cisco routing+firewall equipment -- at 
home (8xx-series, IOS 12+).  The built-in logging facilities are robust 
enough to negate having an additional logging server, but I also utilize 
such a logging server anyway for my own purposes.

Every network and administrator has unique needs.  Because I write and 
maintain my own "real-time auto-sensing" log watching scripts (rather 
than use tools like IPCop or PortSentry) over and above packet-level 
firewalling, I choose to use additional hardware.  Most other people, 
especially home users, don't.  What's more, even though I have an 
efficient perimeter firewall appliance, I also deploy dynamic software 
firewalls (IPTables) on the machines behind the device.  These software 
firewalls are updated dynamically by my log-watching scripts to fend off 
some on-going attacks the instant they are detected.

Everyone has their own idea of what "secure enough" means and I'm always 
learning new ways to tighten my network down despite providing my own 
robust hosting services (web, ftp, vpn, ssh, rdp, dns, chat, database, 
and a comprehensive mail suite) on a static subnet.  In my case, I'll 
probably never be satisfied, but I rest knowing this:  nobody sees 
anything on my network that I don't expressly and knowingly put before 
them.  At least, as best I can.

-- 
William Kimball, Jr.
http://www.kimballstuff.com/
"Programming is an art-form that fights back!" (Unknown)
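
The pattern described in the message above (watch firewall deny logs, then add an IPTables rule for a repeat offender) can be sketched as follows. This is an added example, not the poster's scripts or code from the original message; the Cisco IOS log lines are constructed, and the threshold, time window, `NEVER_BLOCK` subnet and function name are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: Cisco IOS ACL deny messages as a syslog server might store them.
SAMPLE_LOG = """\
Feb  9 21:50:01 gw 101: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(40112) -> 192.0.2.10(22), 1 packet
Feb  9 21:50:09 gw 102: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(40113) -> 192.0.2.10(23), 1 packet
Feb  9 21:50:15 gw 103: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.4(5060) -> 192.0.2.10(25), 1 packet
Feb  9 21:50:20 gw 104: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(40114) -> 192.0.2.10(3389), 1 packet
Feb  9 21:50:22 gw 105: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.20(1025) -> 192.0.2.10(22), 1 packet
Feb  9 21:50:23 gw 106: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.20(1026) -> 192.0.2.10(22), 1 packet
Feb  9 21:50:24 gw 107: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.20(1027) -> 192.0.2.10(22), 1 packet
Feb  9 22:30:00 gw 108: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.4(5061) -> 192.0.2.10(25), 1 packet
"""

DENY = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*%SEC-6-IPACCESSLOGP: "
                  r"list \S+ denied \w+ ([\d.]+)\(\d+\) -> ")
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]  # assumed: own static subnet

def block_commands(log_text, year=2006, threshold=3, window=timedelta(minutes=5)):
    """Return one iptables argv per source with `threshold` denies inside `window`."""
    recent = defaultdict(deque)   # source IP -> timestamps of its recent denies
    blocked, commands = set(), []
    for line in log_text.splitlines():
        m = DENY.match(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(2))  # log fields are untrusted input
        except ValueError:
            continue
        if src in blocked or any(src in net for net in NEVER_BLOCK):
            continue  # already handled, or an address we must never lock out
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[src]
        hits.append(when)
        while when - hits[0] > window:   # drop denies older than the window
            hits.popleft()
        if len(hits) >= threshold:
            blocked.add(src)
            commands.append(["iptables", "-I", "INPUT", "-s", str(src), "-j", "DROP"])
    return commands

if __name__ == "__main__":
    for argv in block_commands(SAMPLE_LOG):
        print(" ".join(argv))   # print instead of executing; review before applying
```

The commands are returned as argument lists rather than shell strings, so a value parsed from a log line never reaches a shell, and sources inside `NEVER_BLOCK` are skipped even when they exceed the threshold.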