Hi, I have some additional information for managing and viewing the different hosts' logs of NT. We are using March Security Control Manager and ELM (Event Log Manager) to view and transfer the different hosts' logs; it is really good and you can customise it to your needs. I also configured the NT AltaVista firewall on Alpha platforms; it is quite stable and working fine for my customers.

cheers
prashanth rao

> -----Original Message-----
> From: Knapp, Ken (SD-EX) [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, January 12, 1999 6:54 AM
> To: 'Brian Steele'; [EMAIL PROTECTED]
> Subject: RE: OS Platform for firewall
>
> I concur with Brian.
>
> I have several friends who manage NT firewalls and have no problem doing
> what he has said.
>
> I put up DEC's Alta-Vista firewall product, which was Unix based but used
> the Netscape GUI as the administrator interface. A very nice, admin friendly
> firewall. My friends with their NT based firewalls could do all the system
> functions that ours could and they didn't have to reboot any more than ours
> did.
> We did reboot ours 3 times in the first year due to software patches for
> Unix. There were no crashes of any kind within the first 14 months. System
> logs were not an issue and we did have automatic reboot enabled. We also
> challenged the firewall periodically. We also had it on a UPS and we would
> also "pull the plug", literally, to test it.
>
> Brian's point regarding "not" running any 3rd party software should be
> well-taken. Firewall software is special purpose software. It is not
> designed or tested to have a lot of 3rd party software running on the
> firewall system.
>
> I also specified as part of our security policy that there should be no RAS
> to the firewall. I have heard this mentioned at several security seminars as
> a "how not to configure" element of firewalls. Again, this is up to your
> respective site security policy, one size doesn't fit all and this isn't
> intended to "enflame" anyone.
>
> Cheers
> Ken
>
> > -----Original Message-----
> > From: Brian Steele [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, January 11, 1999 11:54 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: OS Platform for firewall
> >
> > > System logs are one reason. How do you send one NT host's logs to
> > > another host, or several other hosts (for non-repudiation). Answer: you
> > > can't.
> >
> > You should be able to, via UNC (and perhaps directory replication between
> > servers).
> >
> > > How do you parse through multiple logs quickly using any text
> > > viewer in NT? Answer: you can't.
> >
> > Not with NT's default viewer. But these are TEXT logs. Hell, you could use
> > Word to look at them, or any shareware text viewer. This is a non-issue as
> > far as I'm concerned, as the tools are easily available.
> >
> > > How do you discriminate between NetBIOS and DNS names and IP addresses?
> > > Once again: you can't do this under NT.
> >
> > The question is whether or not this would be a requirement.
> >
> > > Remote access is important in any server farm. Sure you can set up
> > > RAS+VBscript+various other hacks under NT but it is not going to be
> > > reliable. Under Unix you install SSH for encrypted access including
> > > X11, even including public-key authentication. SSH is rock solid.
> >
> > Some would argue that a remote-access point for a firewall server is itself
> > a security risk ;-).
> >
> > > And if the server goes down?
> >
> > Configure it to reboot automatically. This won't work in the case of a
> > "hard" crash, where the system completely locks up, but I rarely see this
> > with NT.
> >
> > > The last large shop I worked at which
> > > used NT proxy firewalls had to reboot at least 3 times a week. This
> > > was with the best NT system administration available.
> >
> > They need to get better system administrators. There's no reason why an NT
> > server assigned to firewall/proxy duties alone should have to be rebooted so
> > often, unless they're using improper hardware, or 3rd party s/w that doesn't
> > work well with NT.
> >
> > > And what do you do when your NT firewall crashes, which it will do
> > > frequently? You really have no choice but to get to the console and
> > > power cycle the thing.
> >
> > Nope - set it to reboot automatically (see note above).
> >
> > Regards,
> > Brian
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
