• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 494
  • Last Modified:

ASA syslog outside

Recently I was dinged in an audit for having my ASA syslog to an outside internet syslog service/server.

Is this not a good thing? is it possible syslog has clear text passwords user id's etc ??

Please explain and let me know your thoughts ... Thanks !!
0
NCHADMIN
Asked:
NCHADMIN
1 Solution
 
rharland2009Commented:
That's about the size of it, yes. If you don't think it's a problem, ask yourself this - would you send the log to anyone who asked for it with total confidence that it couldn't be used against your organization?
The auth messages and other pieces of info could be revealing. I'm not only referring to obvious things like u/p stuff, but more arbitrary and seemingly useless pieces of information about the users that are connecting to your ASA - namely, the IP addresses of folks connecting via VPN.
For example, say I break into the hosted spot where your logs reside. I'm looking for confidential information about your company. I may have a hard time getting inside your network, but if I can get a look at the public IPs of the computers that connect to your network, I've now got a list of a bunch of computers I can try to compromise - that are probably not as well-protected as your LAN.
It's just a no-no in the HIPAA/FISMA world we live in.
0
 
Ernie BeekCommented:
Like said: no, that is not a good thing. Syslogging in it's default setup should be kept on the internal network. If there is a need to send it over a public network, secure it! The ASA is capable of sending syslog over TCP using SSL/TLS so that would take care of things.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now