Re: minimal mail config for firewall?

On Thu, 15 Jun 2000, Marcin Owsiany wrote:

> Depends on your exact mail setup, I think. Maybe make a script that would
> download the logs to some other box using scp and mail them locally then to
> your account's mailbox. If you're downloading mail via POP to some other
> box, you may do it via an ssh tunnel.

Not the best way, I think... make a script that connects *to* the firewall
with scp, and pulls the logs off it - if you have a script on the firewall
that can automatically copy files to a remote site, then anyone who
manages to get into the firewall automatically has a shell account on that
remote site... whereas with proper defensive programming, a script that
pulls the data *from* the firewall remains safe, even if the data is
tampered with.

Of course, you then have a "free" account on the firewall, but if you
create an RSA keyset that is *only* used for that *one* firewall, it
should be secure.

Charles Cooke, Network Engineer
HighwayOne Corporation Ltd.
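
The pull-based setup described in the reply above, sketched as an added example that is not part of the original message: a script on the internal box fetches the log with a key used for one firewall only and treats what comes back as untrusted. The host, user, key path, log path, recipient and size cap are all placeholder assumptions.

```shell
#!/bin/sh
# Added example: runs on the internal box and pulls FROM the firewall.
# All names below are assumptions (placeholders), not values from the post.
FW_HOST="${FW_HOST:-fw.example.net}"
FW_USER="${FW_USER:-logpull}"
FW_KEY="${FW_KEY:-$HOME/.ssh/fw_logpull_key}"  # key pair used for this one firewall only
REMOTE_LOG="${REMOTE_LOG:-/var/log/messages}"
MAILTO="${MAILTO:-root}"
MAX_BYTES="${MAX_BYTES:-10485760}"             # refuse to mail anything over 10 MiB

# Fetch one fixed path; -B (batch mode) means scp never prompts, and
# IdentitiesOnly keeps ssh from offering other keys held in an agent.
pull_log() {
    scp -q -B -i "$FW_KEY" -o IdentitiesOnly=yes \
        "$FW_USER@$FW_HOST:$REMOTE_LOG" "$1"
}

# The firewall may be compromised, so the pulled file is untrusted input:
# accept only a regular file (no symlink) within the size cap.
vet_log() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    size=$(wc -c < "$1" | tr -d ' ') || return 1
    [ "$size" -le "$MAX_BYTES" ]
}

# Keep tab, newline and printable ASCII only, so escape sequences planted in
# a tampered log never reach a terminal or mail reader.
sanitize_log() {
    LC_ALL=C tr -cd '\11\12\40-\176' < "$1"
}

main() {
    umask 077
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    pull_log "$tmp/fw.log" || { echo "pull failed" >&2; exit 1; }
    vet_log "$tmp/fw.log" || { echo "pulled file rejected" >&2; exit 1; }
    sanitize_log "$tmp/fw.log" | mail -s "firewall log from $FW_HOST" "$MAILTO"
}

# Only contact the firewall when invoked with the argument "pull".
if [ "${1:-}" = "pull" ]; then main; fi
```

On the firewall side, the `authorized_keys` entry for the dedicated key can carry OpenSSH restrictions such as `no-pty` and `no-port-forwarding` to narrow what that account can do.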

