
Questions on Sysloging with a DMZ



I've done some looking around on the web, and haven't really found an
answer to the following question.

How do you securely handle syslogging when you have servers in the DMZ,
and then the servers that are inside on the internal network?  Seems that
the fundamental rule is never allow internal LAN access from an external
or DMZ host.  But if that rule is followed, that means the syslog server
ends up in the DMZ, and that seems just as wrong.

Dual firewall setup:

Internet -- Firewall1 -- Firewall2 -- LAN
                |
                DMZ (connected to NIC on firewall1)

Let's say I have 4 servers in the DMZ, and 3 on the LAN.  Do I build two
syslog servers, one attached to each network?

I was thinking of using a digiboard on the syslog machine, and connecting
a serial link to each server.  However, that doesn't help me on stuff like
Ciscos and JetDirect boxes that can only output syslog over Ethernet.

I was also considering maintenance: if I used serial links over another
digiboard plugged into a secured internal LAN machine, that would remove
the requirement for SSH on the servers; just log in to the maintenance
machine, and then connect to the appropriate server via the serial link.
Make sense/practical/secure?

And one last question.  It's generally considered OK to go from internal
LAN to DMZ server with limited access, correct?  Like say my internal mail
server polling the DMZ mail server for mail.  Or alternatively, the APC
network card notifying servers inside and outside the DMZ that the
batteries are almost dead, shut down.

Ideas/comments/flames/amazon.com_links_to_RTFM?

Mike


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
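The post above asks where a syslog collector can live when DMZ hosts must not be allowed to reach the internal LAN. One common compromise is to keep the collector on the LAN but open a single one-way pinhole (UDP/514 from a short list of DMZ senders to the collector only) and have the collector itself refuse anything that is not an expected sender or a well-formed message. The following is an added example, not code from the post or from the Debian project; it is a small RFC 3164 syslog collector front end written for this thread. The addresses, zone ranges, sender allow-list and sample datagrams are all constructed for illustration (documentation IP ranges), and the `collect` and `parse_datagram` names are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed layout mirroring the dual-firewall sketch in the post:
# Internet -- Firewall1 -- Firewall2 -- LAN, with the DMZ hanging off Firewall1.
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")       # constructed (documentation range)
LAN_NET = ipaddress.ip_network("198.51.100.0/24")    # constructed (documentation range)

# Only these DMZ hosts are expected to cross the firewall pinhole to the
# collector; everything else from the DMZ is dropped before parsing.
ALLOWED_DMZ_SENDERS = {
    ipaddress.ip_address("192.0.2.10"),   # constructed: DMZ mail server
    ipaddress.ip_address("192.0.2.11"),   # constructed: DMZ router/printer zone
}

# RFC 3164 facility and severity names, indexed by their numeric codes.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOSTNAME MSG  (classic BSD syslog line, RFC 3164 section 4.1)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)


@dataclass
class SyslogRecord:
    zone: str        # "dmz" or "lan", derived from the sender address, not the payload
    sender: str
    facility: str
    severity: str
    timestamp: str
    hostname: str    # hostname claimed inside the message; keep it separate from sender
    message: str


def classify_sender(ip: ipaddress.IPv4Address) -> Optional[str]:
    """Map a source address to a zone, or None if it is not an expected sender."""
    if ip in DMZ_NET:
        return "dmz" if ip in ALLOWED_DMZ_SENDERS else None
    if ip in LAN_NET:
        return "lan"
    return None


def parse_datagram(sender_ip: str, payload: bytes) -> Optional[SyslogRecord]:
    """Validate the source, then parse one RFC 3164 datagram; None means drop."""
    zone = classify_sender(ipaddress.ip_address(sender_ip))
    if zone is None:
        return None
    text = payload.decode("ascii", errors="replace")
    m = RFC3164.match(text)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                      # 23 facilities * 8 severities - 1
        return None
    facility, severity = divmod(pri, 8)
    return SyslogRecord(
        zone=zone, sender=sender_ip,
        facility=FACILITIES[facility], severity=SEVERITIES[severity],
        timestamp=m.group("ts"), hostname=m.group("host"), message=m.group("msg"),
    )


# Constructed datagrams as they would arrive on UDP/514 at the collector.
SAMPLE_DATAGRAMS: List[Tuple[str, bytes]] = [
    ("192.0.2.10", b"<34>Oct 11 22:14:15 dmzmail su: 'su root' failed for lonvick on /dev/pts/8"),
    ("192.0.2.99", b"<13>Oct 11 22:14:16 rogue user: hello"),          # DMZ host not on allow-list
    ("198.51.100.5", b"<165>Oct 11 22:14:17 lanhost local4: ups battery low"),
    ("192.0.2.11", b"not syslog"),                                      # allowed sender, malformed
]


def collect(datagrams: List[Tuple[str, bytes]]) -> Tuple[List[SyslogRecord], int]:
    """Return (accepted records, number dropped) for a batch of datagrams."""
    accepted: List[SyslogRecord] = []
    dropped = 0
    for ip, payload in datagrams:
        rec = parse_datagram(ip, payload)
        if rec is None:
            dropped += 1
        else:
            accepted.append(rec)
    return accepted, dropped


if __name__ == "__main__":
    ok, bad = collect(SAMPLE_DATAGRAMS)
    for r in ok:
        print(f"[{r.zone}] {r.sender} {r.facility}.{r.severity} {r.hostname}: {r.message}")
    print(f"dropped: {bad}")
```

The zone is taken from the UDP source address rather than from the hostname field in the message, because the latter is whatever the sender chose to write; the point of keeping the collector on the LAN behind a single pinhole is that the firewall, not the payload, decides who may talk to it.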