Ensure Network Safety with Centralized Logging

Virus definitions often can't keep up with the rapid proliferation of Windows-based worms, letting them slip under your radar. How can you keep your network safe? Use the access lists on your routers along with a centralized logging database to help you quickly find and isolate infected hosts.  


Over the past few years, the number of Windows-based worm attacks has grown dramatically. Companies have implemented full-scale virus scanning and Windows update facilities to help stop the worm attacks. But what do you do when you aren't entirely certain that your virus definitions are up to date, or some worm slips under the radar and infects hosts on your network? This article will show a method of using access lists on Cisco routers with a centralized logging database to find infected hosts on your network quickly.


This method was designed to work with Cisco routers, but it can work with virtually any layer-3 device that supports syslog and access lists. It also uses a Unix-based system and a relational database to store the log data. There are much more elaborate configurations out there that do similar things. This method is based on the syslog-ng configuration at http://vermeer.org/syslog/, modified for Postgres and my own front end.

Since this solution deals with router configurations, make sure you fully understand what is happening with the configuration changes that are outlined here. Though nothing in this article is malicious, some parts need to be read carefully because a misunderstanding could have a severe impact on your network.

Basic Theory
This isn't the most difficult thing to configure and set up; however, it is a bit lengthy, and there are many parts to it. This section gives an overview of what will need to be done and what you can expect from it on your network.

Figure 1. An Example Network: This example network demonstrates how the centralized syslog server concept works.

Assume you have a basic network (like the one shown in Figure 1). There's one central office with three branch offices. Each office has 50-100 PCs and a few servers. Each branch office is connected to the central office via a frame relay T-1 connection. The central office has a 3MB frame relay connection to the branch offices. This example network explains how the centralized syslog server concept works, but this can extend to many different varieties of network configurations.
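As an added example (not the article's code, nor the vermeer.org configuration it builds on), this is the kind of check the centralized log store makes possible: parse the ACL log messages a Cisco router sends to syslog and flag sources that were denied to many distinct hosts on one port, which is what a worm sweeping a subnet looks like. The syslog lines are constructed, and the aggregation runs in memory here rather than as a query against Postgres.

```python
import re
from collections import defaultdict

# Cisco IOS logs a hit on an ACL entry that carries the "log" keyword as %SEC-6-IPACCESSLOGP:
#   list <acl> <permitted|denied> <proto> <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample syslog lines: 10.1.1.50 sweeps several hosts on TCP 445,
# 10.1.1.7 talks to a single file server, 10.1.1.9 browses the web (permitted).
SAMPLE_LOG = """\
Mar  3 10:01:02 rtr-branch1 501: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.50(1025) -> 10.2.0.1(445), 1 packet
Mar  3 10:01:02 rtr-branch1 502: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.50(1026) -> 10.2.0.2(445), 1 packet
Mar  3 10:01:03 rtr-branch1 503: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.50(1027) -> 10.2.0.3(445), 3 packets
Mar  3 10:01:04 rtr-branch1 504: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.7(1100) -> 10.2.0.1(445), 1 packet
Mar  3 10:01:05 rtr-branch1 505: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.9(1200) -> 10.2.0.9(80), 1 packet
Mar  3 10:01:06 rtr-branch1 506: %SYS-5-CONFIG_I: Configured from console by admin
"""

def parse_acl_events(text):
    """Extract the ACL log events from raw syslog text; unrelated messages are skipped."""
    events = []
    for line in text.splitlines():
        m = ACL_LOG.search(line)
        if m:
            e = m.groupdict()
            for key in ("sport", "dport", "count"):
                e[key] = int(e[key])
            events.append(e)
    return events

def suspect_hosts(events, dport, min_targets):
    """Map each source denied to at least min_targets distinct hosts on dport to that
    count. A normal client reaches one or two servers; a worm fans out across a subnet.
    This is the in-memory equivalent of GROUP BY src / COUNT(DISTINCT dst) in the database."""
    targets = defaultdict(set)
    for e in events:
        if e["action"] == "denied" and e["dport"] == dport:
            targets[e["src"]].add(e["dst"])
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}

if __name__ == "__main__":
    for src, n in suspect_hosts(parse_acl_events(SAMPLE_LOG), 445, 3).items():
        print(f"{src}: denied to {n} distinct hosts on tcp/445")
```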

Page 1: Introduction
Page 2: Virus Strikes!
Page 3: Configure Your Router Base
Page 4: Syslog-ng Configuration
Page 5: Postgres Configuration
Page 6: Router Configuration, Phase Two
Page 7: Setting Up the Access Lists
Page 8: Maintenance