Solved

ASA syslog outside

Posted on 2013-01-17
2
489 Views
Last Modified: 2013-01-22
Recently I was dinged in an audit for having my ASA syslog to an outside internet syslog service/server.

Is this not a good thing? is it possible syslog has clear text passwords user id's etc ??

Please explain and let me know your thoughts ... Thanks !!
0
Comment
Question by:NCHADMIN
2 Comments
 
LVL 11

Accepted Solution

by:
rharland2009 earned 500 total points
ID: 38787341
That's about the size of it, yes. If you don't think it's a problem, ask yourself this - would you send the log to anyone who asked for it with total confidence that it couldn't be used against your organization?
The auth messages and other pieces of info could be revealing. I'm not only referring to obvious things like u/p stuff, but more arbitrary and seemingly useless pieces of information about the users that are connecting to your ASA - namely, the IP addresses of folks connecting via VPN.
For example, say I break into the hosted spot where your logs reside. I'm looking for confidential information about your company. I may have a hard time getting inside your network, but if I can get a look at the public IPs of the computers that connect to your network, I've now got a list of a bunch of computers I can try to compromise - that are probably not as well-protected as your LAN.
It's just a no-no in the HIPAA/FISMA world we live in.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38787409
Like said: no, that is not a good thing. Syslogging in it's default setup should be kept on the internal network. If there is a need to send it over a public network, secure it! The ASA is capable of sending syslog over TCP using SSL/TLS so that would take care of things.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question