[[nsp] Possibly OT: Securing Syslog and SNMP.]

dtodd@partners.org dtodd@partners.org
Wed, 20 Nov 2002 13:55:32 -0500


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hmmm...

Some people have multiple syslog and NMS servers: one for internal
and one for external.
Others have one system but rely on host security, good passwords,
SNMP v2/3, good ACLs, proactive monitoring and a well-designed
network infrastructure.  There are many articles (some Cisco, others
3rd party) that discuss how to secure your routers and switches,
internet architecture, as well as your workstations.  Combining all
these with some common sense and a security risk analysis (i.e., what
is your level of security vs business operability and ability to
manage such an infrastructure) will help with the design decision and
how open you can be.
Email me directly if you need more information.

Douglas 

- ----SIGNATURE-------
Douglas M. Todd, Jr.
Network Engineering
Partners Health Care
Building 149
149 13 Street
Charlestown, MA 02129-200
Tel: 617.726.1403
Email: dtodd@partners.org
- --------------------------------------------------------------------
PGP Finger Print: 9429 CAE3 B2D1 C2E1 DFBC  E7A6 E90A 9BE5 C7B6 47BC
Key available via email.
Verisign S/N: 3ff65cdf58b9dceda004baeed49e16cf
https://digitalid.verisign.com/services/client/index.html


> -----Original Message-----
> From: cisco-nsp-admin@puck.nether.net
> [mailto:cisco-nsp-admin@puck.nether.net]On Behalf Of Joshua Smith
> Sent: Wednesday, November 20, 2002 10:22 AM
> To: James Kilton; cisco-nsp@puck.nether.net
> Subject: Re: [[nsp] Possibly OT: Securing Syslog and SNMP.]
> 
> 
> allow the traffic with an acl or firewall entry similar to this:
> 
> permit udp 'border ip' eq 514 host 'syslog ip' 
> permit udp 'border ip' eq snmp-trap host 'nms ip'
> deny ip any any log-input
> 
> hth
> 
> joshua
> 
> James Kilton <kilton9@yahoo.com> wrote:
> > I'm wondering if there are any standard practices to
> > securing the monitoring of Cisco devices via Syslog
> > and SNMP.
> > 
> > The primary issue I'm having trouble with is the
> > following: ideally you want your Management segment to
> > be as secure as possible, perhaps the most secure
> > segment on your network.  How then to you allow
> > traffic (Syslog, SNMP traps) from non-firewalled Cisco
> > devices such as border routers and backbone switches
> > to this Management network?
> > 
> > It seems that the Management network should be in the
> > far "backend" of the network for security reasons, yet
> > somehow we need to allow traffic initiated from
> > devices in the very front of the network.  Seems like
> > a catch-22.  If anyone can share their thoughts and
> > experience with this, I'd appreciate it.
> > 
> > Thanks.
> > 
> > _______________________________________________
> > cisco-nsp mailing list  real_name)s@puck.nether.net
> > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> 
> 
> "Walk with me through the Universe,
>  And along the way see how all of us are Connected.
>  Feast the eyes of your Soul,
>  On the Love that abounds.
>  In all places at once, seemingly endless,
>  Like your own existence."
>      - Stephen Hawking -
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBPdvapAgiZycqTvq3EQK5bwCfSH0MtH+TMVxAi1hno4SpYq6wiz0AoPFf
oTA+ASlUSNUP81H2l9qYwOb2
=a0BY
-----END PGP SIGNATURE-----
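
Added example (not part of the original thread): a small Python model of first-match evaluation for the three-line ACL quoted above, run over constructed packets. The addresses are documentation-range placeholders for 'border ip', 'syslog ip' and 'nms ip', and the model assumes a port operator written after the source address matches the source port, as in IOS extended ACL syntax.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Constructed placeholders (documentation address ranges), not from the thread.
BORDER = "192.0.2.1"      # stands in for 'border ip'
SYSLOG = "198.51.100.10"  # stands in for 'syslog ip'
NMS = "198.51.100.20"     # stands in for 'nms ip'
SNMP_TRAP = 162           # UDP port behind the IOS keyword snmp-trap

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str
    proto: str                   # "ip" matches any protocol
    src: Optional[str] = None    # None means "any"
    sport: Optional[int] = None  # port operator after the source = source port
    dst: Optional[str] = None
    log: bool = False

    def matches(self, p: Packet) -> bool:
        same = lambda want, got: want is None or ip_address(want) == ip_address(got)
        return (self.proto in ("ip", p.proto)
                and same(self.src, p.src) and same(self.dst, p.dst)
                and self.sport in (None, p.sport))

# The three quoted lines, in order. No destination port is constrained.
ACL = [
    Rule("permit", "udp", BORDER, 514, SYSLOG),
    Rule("permit", "udp", BORDER, SNMP_TRAP, NMS),
    Rule("deny", "ip", log=True),
]

def evaluate(acl, pkt):
    """First matching rule wins; return (action, logged)."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action, rule.log
    return "deny", False  # implicit deny if nothing matched

if __name__ == "__main__":
    for pkt in (Packet("udp", BORDER, 514, SYSLOG, 514),
                Packet("udp", BORDER, 50000, SYSLOG, 514),
                Packet("udp", "203.0.113.5", 514, SYSLOG, 514)):
        print(pkt, "->", evaluate(ACL, pkt))
```

In this model the two permits match on source address, source port and destination host only, so the destination port is left unconstrained, and everything else falls through to the logged deny.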