Solved

Benefit of using Loopback address on a switch/router for Syslog traffic

Posted on 2009-06-29
6
1,630 Views
Last Modified: 2012-05-07
Anyone know what the benefit is as far as security goes in using a loopback address as the source address for a switch/router's Syslog traffic?  How is the loopback address used here?
0
Comment
Question by:elly960
  • 4
6 Comments
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24739624
Hello,

protecting requests to syslog files is very important, it is a recommended pratice, in case you need to access the device

 i found a post from cisco which discusses the importance of the loopback interface

http://www.ciscopress.com/articles/article.asp?p=27137

i also found another pertaining to said practice

http://thwack.com/blogs/geekspeak/archive/2008/09/30/the-value-of-manging-via-loopback-addresses.aspx

heres an example of a configuration taken from

http://www.seccug.org/Presentations/CiscoUniv-20060406.ppt

                     access-list 80 permit 10.0.1.101
      access-list 90 permit 10.0.1.101
      snmp-server community .* RO 80
      snmp-server community .* RW 90
      snmp-server host 10.0.1.101 .*
      logging 10.0.1.101
      logging source-interface Loopback0
      logging facility syslog
      snmp-server enable traps tty
0
 
LVL 7

Expert Comment

by:tankergoblin
ID: 24739795
loopback is use to test on network functionality. It also use for some application applications to work together by intersocket communication - localhost provides that address so that the elements can all work on the same PC. It also enables you to run a web/ftp/ any other server on the same PC that you are working on without having to know the allocated IP address from a DHCP server.To make things short,  it just makes life a lot simpler, and prevents anyone having to worry about the complexities of the outside world if the 2 processes are on the same machine.

0
 

Author Comment

by:elly960
ID: 24747472
jfer0x01,
When I read articles regarding the loopback address, the articles have one common point which is that it provides Availability to due to its virtual interface.  I understand the importance of this.  However, I'm still kind of fuzzy about the loopback address in relation to syslog files/traffic.   Is it important to use a loopback address with syslog traffic because we want syslog traffic to be failsafe?  or is there another reason like a hacker can't get to the source of the syslog traffic if we use a loopback address since it's virtual?  I still can't find any good discussion or article on this.
Thanks.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 9

Accepted Solution

by:
jfer0x01 earned 50 total points
ID: 24759831
Hello,

protecting the information is your goal

if you can only reach it via loopback device, it determines that you must be physically connected to the device, and no eavesdropping can occur for this information

it is an old practice, that is still used

http://ws.edu.isoc.org/data/2003/9642836473fa01ff7e00d9/loopback-1up.pdf

The first couple of slides explains the benefits of this method

Jfer
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24817536
Any more questions?

0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24891033
Hi,

please award points or close question

Jfer
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Thin secure Windows 10 5 73
Allow X-Forwarded-For Headers to Site or No? 3 57
PCI scan - CIFS NULL Session Permitted 10 72
Resource cost of NAT vs routing 3 64
Read about achieving the basic levels of HRIS security in the workplace.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now