• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 496
  • Last Modified:

ASA syslog outside

Recently I was dinged in an audit for having my ASA syslog to an outside internet syslog service/server.

Is this not a good thing? is it possible syslog has clear text passwords user id's etc ??

Please explain and let me know your thoughts ... Thanks !!
1 Solution
That's about the size of it, yes. If you don't think it's a problem, ask yourself this - would you send the log to anyone who asked for it with total confidence that it couldn't be used against your organization?
The auth messages and other pieces of info could be revealing. I'm not only referring to obvious things like u/p stuff, but more arbitrary and seemingly useless pieces of information about the users that are connecting to your ASA - namely, the IP addresses of folks connecting via VPN.
For example, say I break into the hosted spot where your logs reside. I'm looking for confidential information about your company. I may have a hard time getting inside your network, but if I can get a look at the public IPs of the computers that connect to your network, I've now got a list of a bunch of computers I can try to compromise - that are probably not as well-protected as your LAN.
It's just a no-no in the HIPAA/FISMA world we live in.
Ernie BeekExpertCommented:
Like said: no, that is not a good thing. Syslogging in it's default setup should be kept on the internal network. If there is a need to send it over a public network, secure it! The ASA is capable of sending syslog over TCP using SSL/TLS so that would take care of things.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now