Which interface should be put into Security Management VLAN?

cedar_lee
Level 1

May I ask a very basic question?

Which interface should be put into Security Management VLAN? eth0 or eth1?

Thanks,

Cedar

6 Replies

Farrukh Haroon
VIP Alumni

What do you mean by "Security Management VLAN"?

Ideally you should leave MARS to use one port (with the default route) for all polling, device telnet, etc.

And the second one for OOB management. This port should be in the same subnet as the management/secops guy, as MARS can have a default route on only one of its interfaces.

Regards

Farrukh

It's from the book Security Monitoring with Cisco Security MARS.

It says:

As a best practice, you should create a network as a security management network if you don't already have one. This network should contain various servers used for administering and monitoring the security of your network. The entire network should be protected by a firewall and IDS/IPS. Access to it should be tightly restricted, and any remote access to it should be through a Virtual Private Network (VPN).

MARS has eth0 and eth1, and they need to be in separate networks. So I am not sure whether this book recommends putting eth0 or eth1 in the Security Management Network.

Thanks,

Cedar

Put Ethernet 1 on your management network. Its hardware has more memory and will refresh your screen faster. This also makes your MARS box less susceptible to DoS on your production network.

You will need to go into the CLI and add a route for Ethernet 1 so you can access the box.

Ethernet 0 will be the interface which receives all syslogs and NetFlow. Its IP address needs to be able to reach the default gateway you configure on the box.

Hope this helps.

I think I am confused about what the book says and need help with the question of which port I should put in the security network that is protected by the firewall and IDS/IPS. In other words, which port, eth0 or eth1, do you protect with your firewall and IDS/IPS?

Thanks,

Cedar

Technically you should protect both :)

But the book is talking about the 'port' used for management. For example, only hosts 10.10.10.4 and 10.10.10.5 are allowed to manage the MARS box.

You can put an ACL on that port so that 22, 443, etc. from those two IPs is the only traffic allowed, and block all the rest.

Regards

Farrukh
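An added example of the ACL Farrukh describes (not from the thread or from Cisco documentation): an IOS extended ACL that lets only 10.10.10.4 and 10.10.10.5 reach the MARS management interface on TCP 22 and 443 and drops and logs everything else aimed at it. The MARS eth1 address (10.10.20.10), the management VLAN number (20) and the SVI it is applied to are assumptions; adjust them to your own addressing.

```cisco
! Assumed: MARS eth1 sits at 10.10.20.10 in management VLAN 20,
! and the two SecOps workstations are 10.10.10.4 and 10.10.10.5.
ip access-list extended MARS-MGMT-IN
 remark Only the two SecOps hosts may manage MARS over SSH (22) and HTTPS (443)
 permit tcp host 10.10.10.4 host 10.10.20.10 eq 22
 permit tcp host 10.10.10.4 host 10.10.20.10 eq 443
 permit tcp host 10.10.10.5 host 10.10.20.10 eq 22
 permit tcp host 10.10.10.5 host 10.10.20.10 eq 443
 remark Drop and log anything else destined for the MARS management address
 deny ip any host 10.10.20.10 log
 remark Other hosts in the management VLAN are governed by their own rules
 permit ip any any
!
! Applied outbound on the SVI, i.e. on traffic leaving the switch toward VLAN 20
interface Vlan20
 description Security management VLAN (MARS eth1 lives here)
 ip access-group MARS-MGMT-IN out
```

The ACL is written for the SVI that fronts the management VLAN; if the VLAN is behind a firewall instead, the same permit/deny logic goes into that firewall's interface policy. The logged deny entry is what lets you see who else is knocking on the management address, which is the sort of thing you would want MARS itself to alert on.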

Hi Farrukh,

Spot-on answer and a "5" from NYC.

Paul