On Monday, January 27, 2003, at 06:12 AM, Bennett Todd wrote:

> 2003-01-26T16:53:00 Chris Adams:
>> The biggest lesson is simply network structure:
>
> Hear, hear!
>
>> if you have all of your control and logging going over the same
>> network (or a VLAN without some sort of prioritization or reserved
>> bandwidth), you're screwed.
>
> Now _that_ I'm less completely in agreement with.
>
> Rather, I'd say that you need to stay on top of security; anybody
> who had any MS-SQL servers anywhere approaching visible from the
> internet wasn't paying attention to basics.

I completely agree on that count - I was thinking more about the consequences of when someone inadvertently releases a worm inside the firewall (laptop, VPN, etc.). Being able to react quickly is key and that's much easier if you use some sort of QoS so your control requests get handled ahead of worm traffic (syslog should also be above normal priority but below the control channel).

It sounds like what happened to BofA was a case of the ATM VLAN getting nailed because it shared physical connections with a separate VLAN which was getting the worm traffic.

Anyway, we're rapidly heading off topic with the possible exception of syslog QoS, so I'll drop the list from future replies.

Chris

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
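The priority ordering described in the message above (control first, syslog second, everything else last) can be illustrated with a small link simulation. This is an added example, not part of the original thread; the traffic rates, link rate, buffer size and arrival order are constructed assumptions.

```python
from collections import deque

# Constructed traffic model (assumed values, not taken from the message).
CONTROL, SYSLOG, BULK = 0, 1, 2      # lower number = higher priority
OFFERED = {CONTROL: 1, SYSLOG: 3, BULK: 200}  # packets per tick; BULK carries the worm flood
LINK_RATE = 10     # packets the shared link forwards per tick
QUEUE_LIMIT = 50   # buffer slots per queue; arrivals beyond this are tail-dropped
TICKS = 100

def simulate(prioritized):
    """Return {class: (delivered, dropped, worst_delay_in_ticks)}."""
    # Prioritized: one queue per class, in priority order. Otherwise one shared FIFO.
    queues = {c: deque() for c in OFFERED} if prioritized else {None: deque()}
    stats = {c: [0, 0, 0] for c in OFFERED}
    for tick in range(TICKS):
        # Constructed worst case: the flood reaches the buffer first each tick.
        for cls in (BULK, SYSLOG, CONTROL):
            q = queues[cls if prioritized else None]
            for _ in range(OFFERED[cls]):
                if len(q) < QUEUE_LIMIT:
                    q.append((cls, tick))
                else:
                    stats[cls][1] += 1
        budget = LINK_RATE
        # Strict priority: drain each queue fully before touching the next one.
        for q in queues.values():
            while budget and q:
                cls, born = q.popleft()
                stats[cls][0] += 1
                stats[cls][2] = max(stats[cls][2], tick - born)
                budget -= 1
    return {c: tuple(v) for c, v in stats.items()}

if __name__ == "__main__":
    names = {CONTROL: "control", SYSLOG: "syslog", BULK: "bulk+worm"}
    for label, mode in (("shared FIFO", False), ("strict priority", True)):
        print(label)
        for cls, (sent, lost, delay) in simulate(mode).items():
            print(f"  {names[cls]:10} sent={sent:5} dropped={lost:6} worst delay={delay}")
```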
This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 10:19:28 PST