Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 362
  • Last Modified:

Windows 2000 and firewall linksys

We have a small network windows 2000, and we are using linksys router. Now one of our vendor have this requirements:
Firewall software will be used to track network access both internally and externally. Reports will produced indicating the level of network activity and to monitor for any attempts to breach network security.

Just wondering what should I tell them? we cant afford external firewall now.
0
shahedny
Asked:
shahedny
  • 7
  • 6
1 Solution
 
Rob WilliamsCommented:
Do they have the right to ask for this. I know in some situations they do.
You could enable Sysloging on the Linksys and have the information forwarded to a PC of your choosing. You can then install free logging software such as Kiwi  [ http://www.kiwisyslog.com/syslog-info.php ] which will not monitor the amount of activity but can monitor basic attempts at security breaches. There would be no equipment or security costs, but monitoring the logs can take quite a bit of time. Then again, you could just forward the logs to them daily, and flood them with paper work. They might not ask again. <G>
0
 
naveedbCommented:
What is the Model of your Linksys Router, does it support syslog? If it does, check the following EE article, if not, then there is not much you can do without upgrading the router.

http://www.experts-exchange.com/Networking/Q_21821754.html

You can also enable logging on each machine by installing firewall, but it will most likely not meet their requirements. You will end up merging all log files and may not containg certain information which can be captured only at Central Router.
0
 
shahednyAuthor Commented:
I do not need to send them anything but in case they need anything.
linksys modeL: WRT54G
Firmware Version: v3.03.6
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
Rob WilliamsCommented:
WRT54G does have Syslogging capabilities, as well as more security items it checks for than some other Linksys. You could enable and use the free Kiwi software mentioned above. To enable simply install the software on a PC, and log on the the Linksys, browse to the LOG page, enable the items you wish to monitor, enable SysLogging, and give it the IP of the PC on which you installed the Kiwi software. There are more elaborate methods but the "the price is right".
0
 
shahednyAuthor Commented:
ok I see log option and there is no place I can put ip of PC where I install KIWI.  http://10.0.0.1/Log.asp I have enable/disable and 2 button incoming and outgoing log
0
 
shahednyAuthor Commented:
0
 
Rob WilliamsCommented:
Sorry shahedny , you are quite right. I just dug one out of a box here to have a look at. I must be thinking of the WR 'V' 54G. I checked on line and they have some firmware updates but no mention of added logging features.

I haven't seen your link but looks great. One of the advantages of Linksys now is all of the source codes (programing) is publicly available, so numerous individuals and companies have created custom modifications and add ons.
0
 
shahednyAuthor Commented:
rob
  just wondering how reliable is this, I dont want to bring down our system today for this. and how can I make sure that I can go back to my old firmware if needed
0
 
Rob WilliamsCommented:
What a skeptic !  :-)  
I would certainly be a little nervous, but should be no serious problems if you take a little precaution:
-do it on a weekend were you have a few hours to recover if it fails. Also things always go better when you don't have 20 users breathing down your neck
-download and have ready a copy of the latest firmware, you might even want to have 2 versions in case the latest is flaky
-write down your current configuration, and PPPoE UserName and password if a PPPoE connection
-on occasion Linksys routers jam and will not accept firmware. Because of this they have a little TFTP (trivial file transfer protocol) application that allows you to upload firmware without gaining access to the web page of the router. Download this and have it ready. Easy to use, if necessary, just reset the router with the button on the back, wait 10 seconds, power off for 10 seconds, and then back on. Run the utility, point to the firmware file, and enter the IP of the router, which after reset will be 192.168.1.1
ftp://ftp.Linksys.com/pub/network/tftp.exe

Good luck.
--Rob
0
 
shahednyAuthor Commented:
Rob I did this and now I followed all instructions here

http://www.dshield.org/clients/hyperwrt.php

Now I start kiwi system log and I dont see anything .

Let me explain u how our computer setup:

linksys ip: 10.0.0.1
computer which I am using for kiwi : 10.0.0.8
so on firmware I haave this:
sleep 2
/sbin/klogd
/sbin/syslogd -R 10.0.0.8
echo "#!/bin/sh" > /tmp/loggit.sh
echo "while true" >> /tmp/loggit.sh
echo "/usr/bin/killall -9 klogd" >> /tmp/loggit.sh
echo "sleep 1" >> /tmp/loggit.sh
echo "/sbin/klogd" >> /tmp/loggit.sh
echo "sleep 960" >> /tmp/loggit.sh
echo "done" >> /tmp/loggit.sh
chmod 700 /tmp/loggit.sh
/tmp/loggit.sh &
0
 
Rob WilliamsCommented:
Have to say I have never tried this. But your script looks fine. Did you do the second part as well?:
Click on the Firewall button and Copy and paste this into the Firewall form
/usr/sbin/iptables -R INPUT 7 -j logdrop
/usr/sbin/iptables -R INPUT 1 -j logdrop -m state --state INVALID

0
 
shahednyAuthor Commented:
I did .. do I need to do something on KIWI
0
 
shahednyAuthor Commented:
ok I fixed it. Install new version of Firmwire by someone else and its working now. thanks for your help
0
 
Rob WilliamsCommented:
Thanks shahedny, glad to hear you have it working. I was away on a call for a bit.
--Rob
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now