Bootable CD w/OS for firewall
Don Levey
lug at the-leveys.us
Wed Sep 15 10:55:01 EDT 2004
wrote:
> On Wed, Sep 15, 2004 at 10:23:47AM -0400, Don Levey wrote:
>> A quick reboot will solve all of that - the same files come up
>> again, just as I burned them.
>
> Which may get you immediately re-owned, if that's all you do.
>
>> Keeping a hard disk around for logs means that, well, I can keep
>> logs of any activity. Very useful; that's why we havethem.
>
> A potentially better solution is to log remotely to a different
> machine connected to your side of the firewall. Then if the machine
> is compromised, it''s much less likely (if you've taken apropriate
> measures) that the system's logs will be modified at the time of the
> compromise. They'll be on a different machine entirely, which may
> (should) not have easy attack vectors from the firewall box.
Good points, both. I'd need to have the machine up so that I can figure out
what I need to fix, so hopefully after a reboot I'd have at least a little
time. How would I go about logging remotely? It's not as if I could
NFS-mount another drive, that'd be subject to the same problem.
-Don
More information about the Discuss
mailing list