Given the following firewall layout, what systems should log what, if
anything at all?
Internet ----> [A] ---- DMZ ----- [B] ---- Company
where [A] and [B] are filtering routers and provide ALL protection.
[C] and [D] provide external services such as WWW, FTP and mail.
No split DNS. (Safe?)
No proxies or application-level stuff. Protection is purely filtering (Safe?)
No Internet to Company traffic is allowed unless started by the inside. (e.g.
telnet from inside to outside but not vice versa)
Must [A] and/or [B] log something for packets that are discarded?
Should [C] and [D] log something for packets at "unexpected" ports?
The question behind the questions:
Is it considered risky if [A] and [B] cannot log anything?
----- Ed Maillet
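As an added illustration of the question (not part of Ed's post), the following Python model runs constructed sample packets through the layout he describes: [A] and [B] as stateless filters, a DMZ host standing in for [C]/[D], and a drop log on every filter so the three logs can be compared. The zone names, the ports chosen as "public services", the use of the TCP ACK bit as the stateless approximation of "started by the inside", and all sample packets are assumptions made for the example, not details from the post.

```python
"""Toy model of the filtering-only layout:

    Internet ----> [A] ---- DMZ ----- [B] ---- Company

[A] and [B] are stateless packet filters.  [C]/[D] sit in the DMZ and
serve WWW, FTP and mail.  No proxies and no state tables; "inside-initiated
only" is approximated the classic stateless way, by requiring the TCP ACK
bit on anything heading toward the Company.  Each filter records what it
discards, and the DMZ host records arrivals on ports it does not serve.
Zone names, ports and the sample packets below are constructed for this
example.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import List

INTERNET, DMZ, COMPANY = "internet", "dmz", "company"
DMZ_SERVICES = {21, 25, 80}   # FTP, mail, WWW on [C]/[D] (assumed ports)


@dataclass(frozen=True)
class Packet:
    src: str            # zone the packet comes from
    dst: str            # zone it is headed for
    proto: str          # "tcp" or "udp"
    dport: int
    ack: bool = False   # TCP ACK bit; set on every segment after the SYN


@dataclass
class Filter:
    """A stateless filtering router: a permit rule plus a log of discards."""
    name: str
    dropped: List[Packet] = field(default_factory=list)

    def permit(self, p: Packet) -> bool:
        raise NotImplementedError

    def forward(self, p: Packet) -> bool:
        ok = self.permit(p)
        if not ok:
            self.dropped.append(p)   # the logging the post asks about
        return ok


class RouterA(Filter):
    """Outer router: Internet <-> (DMZ, Company)."""
    def permit(self, p: Packet) -> bool:
        if p.src != INTERNET:
            return True                            # outbound is allowed
        if p.dst == DMZ and p.dport in DMZ_SERVICES:
            return True                            # public services on [C]/[D]
        # Without connection state the only evidence that a packet belongs
        # to an inside-initiated connection is the ACK bit; any TCP segment
        # carrying it is passed, whether or not a real connection exists.
        return p.proto == "tcp" and p.ack


class RouterB(Filter):
    """Inner router: (Internet, DMZ) <-> Company, same ACK-bit rule."""
    def permit(self, p: Packet) -> bool:
        return p.src == COMPANY or (p.proto == "tcp" and p.ack)


class DmzHost:
    """[C]/[D]: logs packets arriving on ports it does not serve."""
    def __init__(self, name: str):
        self.name = name
        self.unexpected: List[Packet] = []

    def receive(self, p: Packet) -> None:
        if p.dport not in DMZ_SERVICES:
            self.unexpected.append(p)


def path(p: Packet) -> List[str]:
    """Routers a packet crosses: A sits between zones 0-1, B between 1-2."""
    zones = [INTERNET, DMZ, COMPANY]
    i, j = zones.index(p.src), zones.index(p.dst)
    routers = ["A", "B"][min(i, j):max(i, j)]
    return routers if i < j else routers[::-1]


def simulate(packets):
    a, b, host = RouterA("A"), RouterB("B"), DmzHost("C")
    routers = {"A": a, "B": b}
    for p in packets:
        # all() stops at the first router that drops, as the real path would
        if all(routers[r].forward(p) for r in path(p)) and p.dst == DMZ:
            host.receive(p)
    return a, b, host


def summarize(f: Filter) -> Counter:
    """Count discards by (source zone, protocol, destination port)."""
    return Counter((p.src, p.proto, p.dport) for p in f.dropped)


# Constructed sample traffic
SAMPLE = [
    Packet(INTERNET, DMZ, "tcp", 80),              # web hit on [C], allowed
    Packet(INTERNET, DMZ, "tcp", 23),              # telnet probe, dropped at A
    Packet(INTERNET, COMPANY, "tcp", 23),          # inbound SYN, dropped at A
    Packet(COMPANY, INTERNET, "tcp", 23),          # inside-initiated telnet
    Packet(INTERNET, COMPANY, "tcp", 23, ack=True),# its reply, passes A and B
    Packet(INTERNET, DMZ, "udp", 161),             # SNMP at [C], dropped at A
    Packet(INTERNET, DMZ, "tcp", 8080, ack=True),  # ACK set: A passes, [C] logs
    Packet(DMZ, COMPANY, "tcp", 22),               # SYN from DMZ, dropped at B
]

if __name__ == "__main__":
    a, b, host = simulate(SAMPLE)
    print("A dropped:", summarize(a))
    print("B dropped:", summarize(b))
    print("C unexpected:", [(p.src, p.dport) for p in host.unexpected])
```

Running it shows the three logs carrying different information: [A] is the only place the Internet-side probes to ports 23 and 161 are visible, [B] sees only what reaches the inner segment from the DMZ, and [C]'s unexpected-port log is the only record of the ACK-bit segment to 8080 that [A]'s rule let through.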