There is a product that communicates to the event viewer and displays
events via an agent that, which you connect to via an HTPPS session in
browser. The product is known as snare for windows, created by Intersect
Alliance. This product can also be pointed to a syslog server like Kiwi
or whatever your flavor...
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Bhardwaj, Akash
Sent: Thursday, September 27, 2007 7:27 AM
To: Petter Bruland; gjgowey@tmo.blackberry.net; Jim Mellander
Cc: listbounce@securityfocus.com; itsec.info;
security-basics@securityfocus.com
Subject: RE: Routing protocols, Internet vs Enterprises
I have several Windows OS servers and looking for a freeware/open source
application that can show me all the Event Viewer logs via a web site.
Any one...?
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Petter Bruland
Sent: Thursday, September 27, 2007 4:57 AM
To: gjgowey@tmo.blackberry.net; Jim Mellander
Cc: listbounce@securityfocus.com; itsec.info;
security-basics@securityfocus.com
Subject: RE: Routing protocols, Internet vs Enterprises
It's funny how someone asks for something simple, like a list of routing
protocols and we end up with tons of good information about where the
different protocols should be used.
That is one thing I really appreciate about this list, so thanks for
lots of good postings.
** Maybe I can sneak a question in here, and see if it get noticed or
maybe even answered ;-)
In a Windows 2003 Active Directory "network", is there a way to turn on
audit to the point where you would be able to find out what end device
locked out an account? I've dug around and I'm not able to get any
useful information out of the security audit log/event viewer...
Thanks again.
-Petter
-----Original Message-----
From: gjgowey@tmo.blackberry.net [mailto:gjgowey@tmo.blackberry.net]
Sent: Wednesday, September 26, 2007 4:10 PM
To: Jim Mellander
Cc: Petter Bruland; listbounce@securityfocus.com; itsec.info;
security-basics@securityfocus.com
Subject: Re: Routing protocols, Internet vs Enterprises
I used to be able to go one better. I had a fluke optiview just sitting
on the network attached to a gig port with all the snmp community
strings for the switches and routers in it. If someone did something
stupid I could trace down to what port of what switch they were sitting
on and just shut it off.
Geoff
Sent from my BlackBerry wireless handheld.
-----Original Message-----
From: Jim Mellander <jmellander@lbl.gov>
Date: Wed, 26 Sep 2007 15:38:26
To:gjgowey@tmo.blackberry.net
Cc:Petter Bruland <pbruland@fcglv.com>, listbounce@securityfocus.com,
"itsec.info" <itsec.info@gmail.com>, security-basics@securityfocus.com
Subject: Re: Routing protocols, Internet vs Enterprises
gjgowey@tmo.blackberry.net wrote:
With companies one of the first questions that I think some people
forget to ask is if a routing protocol is really necessary for the
network topology that they have. Routing protocols are only really
useful for when you have multiple paths out of your particular subnet.
If you only have one path out then using any routing protocol is
needless.
That may seem like common sense, but I used to work for one large
employer who, because the network admins weren't too bright about
routing, used ospf on every router they had to link all their buildings.
Even though each router only had a single T1 connecting it directly to
the core router at the noc and that router had a direct 10/100 link to
the upstream providers router. I'd tell more, but I think some people
here would think I was bullshitting.
Geoff
Even in a situation as you describe, using a routing protocol is not
entirely without benefit. For instance, suppose a miscreant host is
spewing spam to the internal network, and the internet. We could log
into the router closest to the host and put a host-level null route in
place, thus confining the hosts miscreant activity to its broadcast
domain. If a routing protocol (OSPF, even RIP) is in place, the routing
update can be made to a central router, which will then propagate it -
which would likely make such activities easier to script, and manage.
--
Jim Mellander
Incident Response Manager
Computer Protection Program
Lawrence Berkeley National Laboratory
(510) 486-7204
The reason you are having computer problems is:
Did you pay the new Support Fee?
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
