Re: Building a bastion host using Debian.
Henry Hollenberg <speed@barney.iamerica.net> wrote:
> Sounds intresting.... one more thing I would add is bomb-proof
> logs....
...
> The best idea I've heard for this is a "drop-safe" system....a system
> that is not on the network and listens to logging only from your
> bastion and paket filters via serial connection.
Variations: logging to a printer on parallel port (for really critical
stuff), and logging only hosts (which should be completely inert as
in never emit packets -- slice a trace on the ethernet board if
you know what you're doing) which are configured to track "interesting"
events.
A further variant is something that tracks remote ip numbers in use,
what ports they're going to, and what hosts they're going to, and
constructs a priority queue of remote hosts to check out, then
periodically runs traceroute (or whatever) and logs the details.
[Though this more focusses on reliability problems than intrusion
problems.]
--
Raul
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: