Ensure Network Safety with Centralized Logging
Virus definitions often can't keep up with the rapid proliferation of Windows-based worms, letting them slip under your radar. How can you keep your network safe? Use the access lists on your routers along with a centralized logging database to find and isolate infected hosts quickly.

Over the past few years, the number of Windows-based worm attacks has grown dramatically. Companies have implemented full-scale virus scanning and Windows update facilities to help stop the worm attacks. But what do you do when you aren't entirely certain that your virus definitions are up to date, or some worm slips under the radar and infects hosts on your network? This article shows a method of using access lists on Cisco routers together with a centralized logging database to find infected hosts on your network quickly.


This method was designed to work with Cisco routers, but it can work with virtually any layer-3 device that has syslog and access list capabilities. It also uses a Unix-based system and a relational database to store the information. There are much more elaborate configurations out there that do similar things. This method is based on the syslog-ng configuration at http://vermeer.org/syslog/, modified for Postgres and my own front end.

Since this solution deals with router configurations, make sure you fully understand what is happening with the configuration changes that are outlined here. Though nothing in this article is malicious, some parts need to be read carefully because a misunderstanding could have a severe impact on your network.

Basic Theory
This isn't the most difficult thing to configure and set up; however, it is a bit lengthy, and there are many parts to it. This section gives an overview of what needs to be done and what you can expect from it on your network.

Figure 1. An Example Network: This example network demonstrates how the centralized syslog server concept works.

Assume you have a basic network (like the one shown in Figure 1). There's one central office with three branch offices. Each office has 50-100 PCs and a few servers. Each branch office is connected to the central office via a frame relay T-1 connection. The central office has a 3MB frame relay connection to the branch offices. This example network explains how the centralized syslog server concept works, but this can extend to many different varieties of network configurations.
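The pipeline the rest of the article builds up, as an added example that is not part of the article or its download: router access-list log messages arrive over syslog, are parsed into rows in a database, and a query then surfaces any host that has been denied to many different peers on one port, the fan-out pattern a scanning worm produces. The log lines below are constructed, the table layout is assumed, and an in-memory SQLite database stands in for the Postgres database the article uses.

```python
import re
import sqlite3

# Cisco IOS access-list logging format for tcp/udp (%SEC-6-IPACCESSLOGP);
# the regex ignores whatever syslog timestamp/host prefix precedes it.
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample: one host fanning out on tcp/445, one normal host, one unrelated message.
SAMPLE_LOG = [
    "Jun  3 09:14:01 branch1-rtr 47: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(1033) -> 10.2.0.12(445), 1 packet",
    "Jun  3 09:14:01 branch1-rtr 48: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(1034) -> 10.2.0.13(445), 1 packet",
    "Jun  3 09:14:02 branch1-rtr 49: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(1035) -> 10.2.0.14(445), 4 packets",
    "Jun  3 09:14:05 branch1-rtr 50: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.9(2201) -> 10.2.0.12(445), 1 packet",
    "Jun  3 09:14:06 branch1-rtr 51: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.7(1200) -> 10.2.0.20(80), 1 packet",
    "Jun  3 09:14:07 branch1-rtr 52: %SYS-5-CONFIG_I: Configured from console by admin",
]

def parse_acl_line(line):
    """Return the fields of one access-list log message, or None if the line is not one."""
    m = ACL_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def load_into_db(lines):
    """Parse the lines and store them in an acl_log table (assumed layout, SQLite stand-in for Postgres)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE acl_log (acl TEXT, action TEXT, proto TEXT, src TEXT, "
               "sport INTEGER, dst TEXT, dport INTEGER, pkts INTEGER)")
    rows = [(r["acl"], r["action"], r["proto"], r["src"], r["sport"], r["dst"], r["dport"], r["count"])
            for r in map(parse_acl_line, lines) if r]
    db.executemany("INSERT INTO acl_log VALUES (?,?,?,?,?,?,?,?)", rows)
    return db

def suspect_hosts(db, dport, min_targets=3):
    """Sources denied to at least min_targets distinct destinations on dport, most active first.
    One source hitting many peers on the same port is the behaviour that singles out an infected host."""
    cur = db.execute(
        "SELECT src, COUNT(DISTINCT dst) AS targets, SUM(pkts) AS pkts FROM acl_log "
        "WHERE action = 'denied' AND dport = ? GROUP BY src "
        "HAVING COUNT(DISTINCT dst) >= ? ORDER BY targets DESC",
        (dport, min_targets))
    return cur.fetchall()

if __name__ == "__main__":
    for src, targets, pkts in suspect_hosts(load_into_db(SAMPLE_LOG), 445):
        print(f"{src}: denied to {targets} hosts on tcp/445 ({pkts} packets)")
```

The threshold and port are the knobs to tune for your own network; a legitimate management station may also touch many peers on one port, so check a flagged host before isolating it.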

Page 1 of 8
