[nsp] NetFlow through a firewall?
'Dmitri Kalintsev'
dek at hades.uz
Fri May 9 09:52:04 EDT 2003
IPSec will make sure you're indeed talking to the device intended. Filtering
after decapsulation will take care of any unwanted traffic that a potentially
compromised device may generate.
I suggest placing your netflow collector in the DMZ and fortifying it
(host-based IDS, etc.), then periodically offloading the data collected, say via a
connection initiated from behind the firewall (SSH/SCP in, for example).
On Thu, May 08, 2003 at 08:14:54AM -0400, Temkin, David wrote:
> True, though if they're on the same segment (which they are), it doesn't buy
> me very much... I'm more concerned about the integrity of the inside
> network, more so than the integrity of the inside network
>
> -----Original Message-----
> From: Gert Doering [mailto:gert at greenie.muc.de]
> Sent: Thursday, May 08, 2003 3:15 AM
>
> On Wed, May 07, 2003 at 09:56:55PM -0400, Temkin, David wrote:
> > A couple of people suggested that, but that's making it *worse* - not
> > better... I'd rather open a single application specific UDP port
> > through my firewall than open an entire tunnel that if someone
> > compromises the router can gain full access inside...
>
> You can do both, of course. Setup an IPSEC tunnel (that terminates on
> the firewall) and filter the decapsulated packets.
>
> gert
> --
---end quoted text---
SY,
--
D.K.
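As an added illustration of the single-port, hardened-collector design discussed in this thread (example code written for this page, not from the thread or any collector product): the host-side check a DMZ collector can apply to every datagram on its one open UDP port, accepting only the expected exporter and only self-consistent NetFlow v5 exports, and flagging sequence gaps. The exporter address 192.0.2.1 is a constructed placeholder.

```python
import struct
from ipaddress import ip_address, ip_network

# NetFlow v5 header (24 bytes) and fixed record size (48 bytes), network byte order.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48

# Constructed allow-list: the single router expected to export through the firewall.
ALLOWED_EXPORTERS = [ip_network("192.0.2.1/32")]


def validate_v5_datagram(src_ip, payload, allowed=ALLOWED_EXPORTERS, last_seq=None):
    """Return (accepted, reason, header) for one datagram on the collector port.

    Complements the firewall's port/peer filter on the host itself: the source must
    be a listed exporter and the payload must be a well-formed NetFlow v5 export.
    `last_seq` is the flow_sequence expected next; a mismatch is reported so the
    operator can distinguish genuine loss from unexpected traffic on the open port.
    """
    src = ip_address(src_ip)
    if not any(src in net for net in allowed):
        return False, "source %s is not an allowed exporter" % src, None
    if len(payload) < V5_HEADER.size:
        return False, "short header", None
    (version, count, sys_uptime, unix_secs, unix_nsecs,
     flow_seq, engine_type, engine_id, sampling) = V5_HEADER.unpack_from(payload)
    if version != 5:
        return False, "unexpected version %d" % version, None
    if not 1 <= count <= 30:  # v5 exports carry at most 30 records
        return False, "bad record count %d" % count, None
    if len(payload) != V5_HEADER.size + count * V5_RECORD_LEN:
        return False, "length does not match record count", None
    header = {"count": count, "flow_sequence": flow_seq,
              "engine_id": engine_id, "unix_secs": unix_secs}
    if last_seq is not None and flow_seq != last_seq:
        return True, "sequence gap: expected %d got %d" % (last_seq, flow_seq), header
    return True, "ok", header


def build_v5_datagram(count, flow_seq):
    """Constructed sample export for testing: valid header plus zeroed records."""
    hdr = V5_HEADER.pack(5, count, 1000, 1052400000, 0, flow_seq, 0, 0, 0)
    return hdr + b"\x00" * (count * V5_RECORD_LEN)
```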