
Thursday, January 21, 2010

firewall-wizards Digest, Vol 45, Issue 9

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Juniper NSM and secure log forwarding (Jon)
2. Re: Juniper NSM and secure log forwarding (Trey Darley)


----------------------------------------------------------------------

Message: 1
Date: Wed, 20 Jan 2010 10:48:36 -0500
From: Jon <njdude@gmail.com>
Subject: Re: [fw-wiz] Juniper NSM and secure log forwarding
To: Trey Darley <trey@kingfisherops.com>
Cc: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<d6e1dcff1001200748i30eac358ld9caf7267dd41eff@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Trey,

There is no built-in function in NSM to send encrypted syslog. You would
need to either write it to a file locally and use a 3rd party method to
syslog it, or use a VPN tunnel between the two servers. As you know, NSM is
running on Linux or Solaris, so either of the above should be possible.

Regards,
Jon


On Tue, Jan 19, 2010 at 4:40 PM, Trey Darley <trey@kingfisherops.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi, Jon -
>
> Thanks for the response. I see that I wasn't entirely clear. I was aware
> that incoming logs from managed devices enter NSM via the encrypted SSP.
> Also, clearly I was misinformed about the role that postgreSQL plays in
> NSM internals.
>
> > Logs forwarded by NSM via the "Action Manager" will be sent in
> > clear-text though as we use standard syslog or SNMP-Trap formats for
> > this function.
>
> It's this bit I'm wondering about. What if I want to export firewall
> logs via encrypted syslog? Is there a Juniper knowledgebase article I
> missed somewhere along the way or do I need to roll my own solution?
>
> Cheers,
> - --Trey
>
> Quoth Jon [01/19/2010 09:49 PM] :
> > From a Juniper Systems Engineer:
> >
> > First, all logs sent to NSM either via SSP or DMI are encrypted.
> >
> > Second, we don't use postgreSQL to store firewall logs, only profiler
> > data. We have a proprietary logDb that uses a flat-file, compressed format
> > for the logs. The logs are not stored in an encrypted format, but the files
> > are owned by the "nsm" account, so you would need the credentials for
> > "nsm" or "root" to access them.
> >
> > Logs forwarded by NSM via the "Action Manager" will be sent in
> > clear-text though as we use standard syslog or SNMP-Trap formats for
> > this function.
> >
> > Regards,
> > Jon
> > (Disclosure - I work for Juniper)
> >
> >
> > On Tue, Jan 19, 2010 at 11:33 AM, Trey Darley <trey@kingfisherops.com> wrote:
> >
> > Hi, y'all -
> >
> > Looking for suggestions as to how you've integrated NSM into your logging
> > environment. While it appears not to support ssl-wrapping syslog, it does
> > store its logs internally in postgresql. Before I go hammering up a
> > cockeyed solution I thought I'd ask the hive.
> >
> > Cheers,
> > --Trey
> >
> >
> >
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards@listserv.icsalabs.com
> > <mailto:firewall-wizards@listserv.icsalabs.com>
> > https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
> >
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAktWJr8ACgkQQXaSM49tivDPgQCfQHGNbA5plHE8D+2EVWOxCyzT
> mykAnj8jmhO6dNzuVhHMUNfamtCm4sfa
> =6VLD
> -----END PGP SIGNATURE-----
>

------------------------------

Message: 2
Date: Wed, 20 Jan 2010 17:18:33 +0100 (CET)
From: "Trey Darley" <trey@kingfisherops.com>
Subject: Re: [fw-wiz] Juniper NSM and secure log forwarding
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<75cfa65735a629acc5efc5ec8dfdc69f.squirrel@kingfisherops.com>
Content-Type: text/plain;charset=iso-8859-1

Thanks, Jon. I'll just pipe it via stunnel.

Cheers,
--Trey



------------------------------
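
Added example, not part of the original thread and not Juniper or list-member code: a small forwarder for the "write it to a file locally and use a 3rd party method to syslog it" option from Message 1, sending each line over TLS with RFC 5425 octet-counting framing and full certificate verification. The log path, collector hostname and port 6514 are assumptions, as is a collector that accepts RFC 5425 framing and a file that already holds one syslog message per line.

```python
import socket
import ssl

def frame(msg: str) -> bytes:
    """RFC 5425 octet-counting frame: b'<byte length> <message>'."""
    data = msg.rstrip("\r\n").encode("utf-8")
    return str(len(data)).encode("ascii") + b" " + data

def tls_context(ca_file=None) -> ssl.SSLContext:
    """Client context that verifies the collector's chain and hostname."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def read_new(path, offset):
    """Return (complete lines appended since offset, new offset)."""
    with open(path, "rb") as fh:
        fh.seek(0, 2)
        if fh.tell() < offset:        # file was truncated or rotated
            offset = 0
        fh.seek(offset)
        chunk = fh.read()
    end = chunk.rfind(b"\n") + 1      # skip a half-written last line
    lines = chunk[:end].decode("utf-8", "replace").splitlines()
    return lines, offset + end

def forward(lines, host, port=6514, ca_file=None):
    """Send lines to the collector over verified TLS; return count sent."""
    sent = 0
    with socket.create_connection((host, port), timeout=10) as raw:
        with tls_context(ca_file).wrap_socket(raw, server_hostname=host) as tls:
            for line in lines:
                if line.strip():
                    tls.sendall(frame(line))
                    sent += 1
    return sent

if __name__ == "__main__":
    import time
    LOG = "/var/tmp/nsm-export.log"   # hypothetical export file
    HOST = "logs.example.net"         # hypothetical collector
    pos = 0
    while True:
        lines, new_pos = read_new(LOG, pos)
        if lines:
            forward(lines, HOST)      # raises on TLS or network failure
        pos = new_pos                 # advance only after a successful send
        time.sleep(5)
```

The stunnel route mentioned in Message 2 gives the same transport protection, but stunnel wraps TCP connections only, so the sender has to emit syslog over TCP for it to apply.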

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 45, Issue 9
***********************************************
