A question about firewall logging

A question about firewall logging
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
A question about firewall logging carkaci 03-29-2006
Posted by on March 29, 2006, 7:42 am
If you were  Registered and logged in, you could reply and use other advanced thread options
In our company, we enable only the ACCEPTED packet logging (cisco
firewall) ? I wonder the advantage of deny or rejected pakets logging
also i.e. (full logging). Any idea ? What type of analysis can be done
at that time?


Posted by Dimitri Maziuk on March 29, 2006, 7:01 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
carkaci@gmail.com sez:
> In our company, we enable only the ACCEPTED packet logging (cisco
> firewall) ? I wonder the advantage of deny or rejected pakets logging
> also i.e. (full logging). Any idea ? What type of analysis can be done
> at that time?

If you have outside users and they complain they can't connect, you
can check if it's your firewall that blocked them.

Dima
--
Yes, Java is so bulletproofed that to a C programmer it feels like being in a
straightjacket, but it's a really comfy and warm straightjacket, and the world
would be a safer place if everyone was straightjacketed most of the time.
-- Mark 'Kamikaze' Hughes

Posted by NETADMIN on April 1, 2006, 10:49 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
What can be done with Accepted packet logging when packet is already
entered network.
Deny and Rejected packet logging have some advantages over it and they
are follwoing:
1. You will come to know who is tryingto access your network.
2. Is Security breachis up or not?
3. Who is hitting the most
4. What are the targest of outside tracker/hacker.
5. Which are the top most Sites/Url /IP hitting your network.
6. Is Secuirty policy applied workingor not.



CK-NET


Similar ThreadsPosted
Snort logging May 4, 2005, 4:52 am
snort file logging name December 18, 2004, 5:31 am
Re: How safe is Tor for logging into http (nont https) web sites October 26, 2007, 8:57 am
Re: How safe is Tor for logging into http (nont https) web sites October 27, 2007, 5:16 pm
Re: How safe is Tor for logging into http (nont https) web sites October 27, 2007, 5:24 pm
Re: How safe is Tor for logging into http (nont https) web sites October 28, 2007, 10:06 am
SIMS - Prelude vs OSSIM vs OpenSIMS, with Nagios and remote logging too August 29, 2006, 9:46 am
Firewall (cheap) that supports PPTP inbound to firewall July 30, 2004, 7:53 pm
WEP question August 18, 2004, 6:14 pm
* VPN and NAT Question November 8, 2004, 6:42 pm

The site map in XML format XML site map

Contact Us | Privacy Policy