Re: Secure remote syslogging?
On Wednesday 23 April 2003 21:26, Jamie Heilman wrote:
> Litzler Mihaly wrote:
> > How do you think switching a separate VLAN for this would be also secure
> > enough? Is it a must to use a dedicated device?
>
> Switching is done for speed, not security.

Agreed. For a dedicated logging server, though, it is very rare that speed is
as big a deal as it is for (say) the production side of the network. A
dedicated VLAN segment for logging and system management will certainly do
the job, but my recommendation would almost always be to run it on separate
equipment. (I also like to use different color cabling/equipment for the
management network, so that it's very difficult to accidentally connect
things on the wrong side.)

Clearly, there are a lot of different ways to do secure event logging. Each
method has inherent strengths and weaknesses. The important thing is to make
a decision that makes good business sense. On a production network that does
a significant amount of revenue processing, I believe that it is justifiable
to have a separate and fully isolated admin/management network. IMHO, the
security is improved, but it has the added benefit of not taking any
available bandwidth from the production (revenue producing) data.

Cheers,
Ken