Solved

Benefit of using Loopback address on a switch/router for Syslog traffic

Posted on 2009-06-29
6
1,654 Views
Last Modified: 2012-05-07
Anyone know what the benefit is as far as security goes in using a loopback address as the source address for a switch/router's Syslog traffic?  How is the loopback address used here?
0
Comment
Question by:elly960
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24739624
Hello,

protecting requests to syslog files is very important, it is a recommended pratice, in case you need to access the device

 i found a post from cisco which discusses the importance of the loopback interface

http://www.ciscopress.com/articles/article.asp?p=27137

i also found another pertaining to said practice

http://thwack.com/blogs/geekspeak/archive/2008/09/30/the-value-of-manging-via-loopback-addresses.aspx

heres an example of a configuration taken from

http://www.seccug.org/Presentations/CiscoUniv-20060406.ppt

                     access-list 80 permit 10.0.1.101
      access-list 90 permit 10.0.1.101
      snmp-server community .* RO 80
      snmp-server community .* RW 90
      snmp-server host 10.0.1.101 .*
      logging 10.0.1.101
      logging source-interface Loopback0
      logging facility syslog
      snmp-server enable traps tty
0
 
LVL 7

Expert Comment

by:tankergoblin
ID: 24739795
loopback is use to test on network functionality. It also use for some application applications to work together by intersocket communication - localhost provides that address so that the elements can all work on the same PC. It also enables you to run a web/ftp/ any other server on the same PC that you are working on without having to know the allocated IP address from a DHCP server.To make things short,  it just makes life a lot simpler, and prevents anyone having to worry about the complexities of the outside world if the 2 processes are on the same machine.

0
 

Author Comment

by:elly960
ID: 24747472
jfer0x01,
When I read articles regarding the loopback address, the articles have one common point which is that it provides Availability to due to its virtual interface.  I understand the importance of this.  However, I'm still kind of fuzzy about the loopback address in relation to syslog files/traffic.   Is it important to use a loopback address with syslog traffic because we want syslog traffic to be failsafe?  or is there another reason like a hacker can't get to the source of the syslog traffic if we use a loopback address since it's virtual?  I still can't find any good discussion or article on this.
Thanks.
0
Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

 
LVL 9

Accepted Solution

by:
jfer0x01 earned 50 total points
ID: 24759831
Hello,

protecting the information is your goal

if you can only reach it via loopback device, it determines that you must be physically connected to the device, and no eavesdropping can occur for this information

it is an old practice, that is still used

http://ws.edu.isoc.org/data/2003/9642836473fa01ff7e00d9/loopback-1up.pdf

The first couple of slides explains the benefits of this method

Jfer
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24817536
Any more questions?

0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24891033
Hi,

please award points or close question

Jfer
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question