[nsp] NetFlow through a firewall?

'Dmitri Kalintsev' dek at hades.uz
Fri May 9 09:52:04 EDT 2003


IPSec will make sure you're indeed talking to the device intended. Filtering
after decapsulation will take care of any unwanted traffic that a potentially
compromised device may generate.

I suggest placing your netflow collector in the DMZ and fortifying it
(host-based IDS, etc.), then periodically offloading the data collected, say via a
connection initiated from behind the firewall (SSH/SCP in, for example).

On Thu, May 08, 2003 at 08:14:54AM -0400, Temkin, David wrote:
> True, though if they're on the same segment (which they are), it doesn't buy
> me very much...  I'm more concerned about the integrity of the inside
> network more so than the integrity of the inside network
> 
> -----Original Message-----
> From: Gert Doering [mailto:gert at greenie.muc.de] 
> Sent: Thursday, May 08, 2003 3:15 AM
> 
> On Wed, May 07, 2003 at 09:56:55PM -0400, Temkin, David wrote:
> > A couple of people suggested that, but that's making it *worse* - not 
> > better... I'd rather open a single application specific UDP port 
> > through my firewall than open an entire tunnel that if someone 
> > compromises the router can gain full access inside...
> 
> You can do both, of course.  Set up an IPSEC tunnel (that terminates on 
> the firewall) and filter the decapsulated packets.
> 
> gert
> -- 
---end quoted text---

SY,
-- 
D.K.
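The layout described in the reply above (NetFlow UDP allowed only from the exporting router into a hardened collector in the DMZ, and the inside network pulling the collected files out over SSH/SCP rather than the DMZ pushing anything in), as an added shell example that is not part of this thread. The hostnames, addresses, the pull account, the UDP port 2055 and the nfcapd-style file names are assumptions; the firewall rules are written in iptables syntax for illustration and are printed, not applied. Because the thread treats the collector as the host that may end up compromised, the pull side treats the file listing it receives from the collector as untrusted input and only fetches names that match the expected pattern.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# Assumptions (placeholders): the collector is reachable as $COLLECTOR,
# writes nfcapd.YYYYMMDDhhmm files into $REMOTE_DIR, and exposes a
# restricted "pull" account with an SSH key held on the inside host.

COLLECTOR="${COLLECTOR:-collector.dmz.example}"   # placeholder DMZ host
REMOTE_DIR="${REMOTE_DIR:-/var/netflow}"          # assumed spool directory
LOCAL_DIR="${LOCAL_DIR:-/srv/netflow-archive}"    # archive on the inside host

# Firewall rules for the design: NetFlow UDP (port 2055 assumed) from the
# router into the DMZ, SSH from inside to the collector, return traffic for
# established sessions, and nothing initiated from the DMZ toward the inside.
# Arguments: router address, collector address, inside network.
firewall_rules() {
    router="$1"; collector="$2"; inside="$3"
    printf 'iptables -A FORWARD -p udp -s %s -d %s --dport 2055 -j ACCEPT\n' "$router" "$collector"
    printf 'iptables -A FORWARD -p tcp -s %s -d %s --dport 22 -m conntrack --ctstate NEW -j ACCEPT\n' "$inside" "$collector"
    printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    printf 'iptables -A FORWARD -s %s -d %s -j DROP\n' "$collector" "$inside"
}

# A compromised collector can return anything in a directory listing; accept
# only the exact nfcapd.<12 digits> shape, so "../", spaces, ";" and
# embedded newlines never reach scp or the local file system.
valid_flow_name() {
    case "$1" in
        nfcapd.[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Offload run, initiated from behind the firewall: list, validate, copy.
# BatchMode=yes makes ssh/scp fail instead of prompting when run from cron.
pull_flows() {
    mkdir -p "$LOCAL_DIR"
    ssh -o BatchMode=yes "pull@$COLLECTOR" "ls -1 '$REMOTE_DIR'" |
    while IFS= read -r name; do
        if valid_flow_name "$name"; then
            scp -q -o BatchMode=yes "pull@$COLLECTOR:$REMOTE_DIR/$name" "$LOCAL_DIR/$name" ||
                printf 'copy failed: %s\n' "$name" >&2
        else
            printf 'ignored suspicious name from collector: %s\n' "$name" >&2
        fi
    done
}

# Only perform the network pull when explicitly asked (e.g. RUN_PULL=1 from cron);
# by default just show the firewall rules the layout needs.
if [ "${RUN_PULL:-0}" = 1 ]; then
    pull_flows
else
    firewall_rules 192.0.2.1 198.51.100.10 10.0.0.0/8
fi
```

Run with `RUN_PULL=1` from a cron job on an inside host to perform the offload; without it the script only prints the four rules. The collector side of the design is untouched by the pull account except for reading the spool directory, which is what keeps the direction of trust pointing from inside toward the DMZ and never the other way.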

