Re: Insecure Syslog messages

From: Ryan Lindfield (ryan@westchasetech.com)
Date: Sun Dec 04 2005 - 11:33:42 GMT-3


Well from a high level, you know there are a handful of ways to protect data
as it moves across a network: tunnel over SSH, tunnel over SSL, and tunnel
over IPSec (and others). Most often the flavor of choice will be IPSec.
Well, IPSec has different modes, Tunnel and Transport. Tunnel is good when
you want to haul data on behalf of other nodes across that encrypted link.
If you are only worried about host-to-host communications, however (maybe a
router and a syslog box), transport mode is the way to fly :).

This may help as well:

http://www.ciscopress.com/articles/article.asp?p=25477

Take care,
Ryan

----- Original Message -----
From: "Tim" <ccie2be@nyc.rr.com>
To: "'Ryan Lindfield'" <ryan@westchasetech.com>; "'Security@Groupstudy. com
(E-mail)'" <security@groupstudy.com>; <ccielab@groupstudy.com>
Sent: Saturday, December 03, 2005 12:40 PM
Subject: RE: Insecure Syslog messages

> Hey Ryan,
>
> Thanks for your reply.
>
> Why transport mode?
>
> TIA, Tim
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Ryan Lindfield
> Sent: Saturday, December 03, 2005 10:44 AM
> To: Tim; 'Security@Groupstudy. com (E-mail)'; ccielab@groupstudy.com
> Subject: Re: Insecure Syslog messages
>
> Use IPSec in Transport mode between the syslog server and the monitored
> device :).
>
> ----- Original Message -----
> From: "Tim" <ccie2be@nyc.rr.com>
> To: "'Security@Groupstudy. com (E-mail)'" <security@groupstudy.com>;
> <ccielab@groupstudy.com>
> Sent: Saturday, December 03, 2005 8:40 AM
> Subject: Insecure Syslog messages
>
>
>> Hi guys,
>>
>>
>>
>> Since Syslog messages are sent in clear text, if someone can sniff them,
>> that person can learn a great deal about the network.
>>
>>
>>
>> Aside from having a switched network, are there other standard ways to
>> prevent Syslog messages from being sniffed?
>>
>>
>>
>> What are considered Industry Best Practices when it comes to Syslog
>> sending messages over the network?
>>
>>
>>
>> TIA, Tim
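
Added example, not part of the original thread: a Cisco IOS sketch of the transport-mode suggestion above, protecting only the router's own syslog traffic (UDP/514) to the syslog host. The addresses (192.0.2.0/24 documentation range), the names SYSLOG-TS and SYSLOG-MAP, the interface, the ACL number and the key placeholder are all assumptions; the syslog host needs a matching IPSec policy of its own.

```cisco
! Assumed addressing: router 192.0.2.1, syslog host 192.0.2.10
!
! IKE phase 1 policy and pre-shared key for the syslog host
crypto isakmp policy 10
 encr aes
 hash sha
 authentication pre-share
 group 2
crypto isakmp key <PRE-SHARED-KEY-PLACEHOLDER> address 192.0.2.10
!
! ESP with encryption and integrity; transport mode keeps the original
! IP header, which works because both IPSec endpoints are also the
! source and destination of the protected traffic
crypto ipsec transform-set SYSLOG-TS esp-aes esp-sha-hmac
 mode transport
!
! Protect only syslog from this router to the syslog host
access-list 110 permit udp host 192.0.2.1 host 192.0.2.10 eq 514
!
crypto map SYSLOG-MAP 10 ipsec-isakmp
 set peer 192.0.2.10
 set transform-set SYSLOG-TS
 match address 110
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map SYSLOG-MAP
!
! Source syslog from the address the ACL matches, otherwise the
! messages leave unprotected
logging source-interface FastEthernet0/0
logging 192.0.2.10
```

After the first syslog message is sent, `show crypto ipsec sa` lists the negotiated mode under "in use settings" and the encrypted packet counters for the peer, which confirms the messages are no longer leaving in clear text.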



This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3