
Re: Secure remote syslogging?



On Wednesday 23 April 2003 21:26, Jamie Heilman wrote:
> Litzler Mihaly wrote:
> > How do you think switching a separate VLAN for this would be also secure
> > enough? Is it a must to use a dedicated device?
>
> Switching is done for speed, not security.

Agreed.  For a dedicated logging server, though, it is very rare that speed is 
as big a deal as it is for (say) the production side of the network.  A 
dedicated VLAN segment for logging and system management will certainly do 
the job, but my recommendation would almost always be to run it on separate 
equipment.  (I also like to use different color cabling/equipment for the 
management network, so that it's very difficult to accidentally connect 
things on the wrong side.)

Clearly, there are a lot of different ways to do secure event logging.  Each 
method has inherent strengths and weaknesses.  The important thing is to make 
a decision that makes good business sense.  On a production network that does 
a significant amount of revenue processing, I believe that it is justifiable 
to have a separate and fully isolated admin/management network.  IMHO, the 
security is improved, but it has the added benefit of not taking any 
available bandwidth from the production (revenue producing) data.

Cheers,

Ken


