Hi list, hi Volker,
-----Original Message-----
From: Volker Wiegand [SMTP:wiegand@suse.de]
Sent: Sunday, 6 February 2000 20:56
To: Gerling, Stephan
Cc: suse-security@suse.com
Subject: Re: AW: [suse-security] Application Firewall. (fwd)
On Wed, 2 Feb 2000, Stephan Gerling wrote:
Hi Volker,
The TIS FWTK is no longer free to use, I think. The SuSE Proxy-Suite is a good proxy suite.
Thank you very much.
If it supports virus scanners for SMTP and FTP, it would be a good solution. When you are thinking about a proxy for HTTP, what about user timeline restrictions and time-based URL restrictions for HTTP use? I am now using Squid. The best way, I think, is everything from a single source, which is easier to configure and makes it easier to monitor the activity on the web.
What would be the benefits of time-based URL restrictions?
I thought about URL restriction based on a specific time, like this: "a user is not able to connect to recreation or sport or other URLs that are not relevant for his business (or has no access to the Internet) in a time window between 8:00 - 12:00 and 13:00 - 17:00. In the time between 12:00 - 13:00 he is able to connect to the other sites for private research, because it is his free time."
One thing I am missing in the proxies is that logging directly to an SQL database like Oracle, MS-SQL or MySQL is not available. Or I don't know how to set it up. Collecting the data from the different logfiles and making a report (even if it is done automatically by scripts) is boring work. Does someone have an idea about a solution?
AFAIK mSQL was originally designed for such a purpose. I have not thought about it yet. I guess it would be no big deal, but how big is the need?
Does it not increase security if the logfiles are written, unreachable for the intruder, to another system where the logs are stored (maybe on a WORM medium) for further analysis? I think many people do not think about this. The first way of breaking into a system is: save the logs, delete your entries, go your way, and before logging out restore the original logs. So no one will ever see the real intrusion.
Did someone use the Little Brother program from Kansmen (www.kansmen.com)? This proggy makes super reports for outgoing traffic. You can create such reports with the OLAP Service of MS-SQL 7.0 if there is a way to import the data from the logfiles.
Never heard of that. When I have time I will look into it. Does it run under Linux? Is it Open Source?
No, not yet. But they are thinking about a Linux version. But it's not free.
Are there any additional tools for monitoring the incoming/outgoing traffic with bandwidth use and reading the logs made by ipchains and the Proxy-Suite for easy report creation? Iptraf, tcpdump... are good tools, but I am looking for an all-in-one (eierlegende Wollmilchsau) solution.
No, sorry, I have not been looking into this so far.
I think that's enough for today.
best regards
Stephan Gerling
Volker
--
Volker Wiegand              Phone:  +49 (0) 6196 / 50951-24
SuSE Rhein/Main AG          Fax:    +49 (0) 6196 / 40 96 07
Mergenthalerallee 45-47     Mobile: +49 (0) 179 / 292 66 76
D-65760 Eschborn            E-Mail: Volker.Wiegand@suse.de
++ Only users lose drugs. Or was it the other way round? ++
Stephan Gerling
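
Added example, not part of the original mails: one way to get the Squid logs mentioned above into an SQL database for reporting. It assumes Squid's native access.log layout; SQLite stands in for Oracle/MS-SQL/MySQL, and the table name, function names and sample lines are constructed for illustration.

```python
import sqlite3
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
949827360.123    210 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
949827365.456     35 192.168.1.10 TCP_HIT/200 2048 GET http://www.example.com/logo.gif - NONE/- image/gif
949827400.789    540 192.168.1.22 TCP_MISS/200 40960 GET http://sports.example.net/scores - DIRECT/192.0.2.20 text/html
this line is damaged and must be skipped
949827460.001    120 192.168.1.22 TCP_DENIED/403 1024 GET http://games.example.org/ - NONE/- text/html
"""

def parse_line(line):
    """Return one row tuple for an access.log line, or None if it is malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    action, _, status = f[3].partition("/")
    try:
        host = urlsplit(f[6]).hostname or f[6]  # CONNECT logs host:port, not a URL
        return (float(f[0]), int(f[1]), f[2], action, int(status),
                int(f[4]), f[5], f[6], host)
    except ValueError:
        return None

def load(log_text, db):
    """Create the (hypothetical) access table and insert every parseable line."""
    db.execute("CREATE TABLE IF NOT EXISTS access (ts REAL, elapsed_ms INTEGER, "
               "client TEXT, action TEXT, status INTEGER, bytes INTEGER, "
               "method TEXT, url TEXT, host TEXT)")
    rows = [r for r in map(parse_line, log_text.splitlines()) if r]
    # Bound parameters only: URLs in proxy logs are untrusted input.
    db.executemany("INSERT INTO access VALUES (?,?,?,?,?,?,?,?,?)", rows)
    db.commit()
    return len(rows)

def bytes_per_client(db):
    """Requests and bytes per client, heaviest user first."""
    return db.execute("SELECT client, COUNT(*), SUM(bytes) FROM access "
                      "GROUP BY client ORDER BY SUM(bytes) DESC").fetchall()

def denied_hosts(db):
    """Which client was refused which host, in time order."""
    return db.execute("SELECT client, host FROM access "
                      "WHERE action = 'TCP_DENIED' ORDER BY ts").fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load(SAMPLE_LOG, db), "rows loaded")
    for row in bytes_per_client(db):
        print(row)
```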