Sunscreen stats

Hi

I don't know very much about Sunscreen on Solaris, but we do have it in our environment. I have been asked to gather stats on malicious attacks, port scans, hack attempts, worms, viruses etc. Can Sunscreen give me these and, better still, a precise breakdown of each respective hack?

Thanks

Charles

By charles786 at 2007-11-25 23:20:46
# 1

i haven't worked much with sunscreen, but as a firewall product i'm sure it has features similar to others. that said:

a firewall doesn't analyze the packets to decide if a "hack" has occurred. it just approves or denies. it's like a gatekeeper. doesn't care who's trying to come in, or who's leaving, as long as it's on the approval list.

if you want to do more in-depth analysis, look at intrusion detection tools like snort (open source) and others (that cost money). an intrusion detection tool tries to match packets with particular data patterns, and then builds reports based on what "events" it thinks it has detected. an important note -- intrusion detection reads your packets, so you should notify (and try to allay fears of) people who worry that their privacy will be intruded upon. i mean, it will to some extent, but intrusion detection patterns and filters are smart enough (in most cases) to ignore valid packets (and not store their data, sensitive or otherwise).

also, unless people are constantly and actively trying to hack your systems, you probably won't see a lot in your reports. this is typical (and as it should be). the filters that you run should (and generally will) be a set of known vulnerabilities. this is important in that if a NEW vulnerability is discovered, you won't have a filter for it. therefore, you should always be updating your filters...

fim32 at 2007-7-5 18:08:37
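The distinction drawn in the reply above, as an added example that is not part of the thread and is not SunScreen or Snort code: a firewall verdict based only on an approval list, next to a signature matcher that produces the per-event breakdown the question asks for. The policy, signature names, patterns, addresses and packets are all constructed for illustration.

```python
from collections import Counter

# Firewall approval list (assumed policy): (protocol, destination port).
ALLOWED = {("tcp", 80), ("tcp", 25)}

# IDS signatures (constructed): (event name, byte pattern in the payload).
# Real rule sets are far larger and need regular updates.
SIGNATURES = [
    ("web-directory-traversal", b"../.."),
    ("web-cmd-exe-request", b"cmd.exe"),
]

# Constructed sample traffic: (source, protocol, destination port, payload).
PACKETS = [
    ("198.51.100.7", "tcp", 80, b"GET /index.html HTTP/1.0"),
    ("198.51.100.9", "tcp", 80, b"GET /docs/../../etc/passwd HTTP/1.0"),
    ("198.51.100.9", "tcp", 80, b"GET /scripts/cmd.exe HTTP/1.0"),
    ("203.0.113.4", "tcp", 23, b""),
    ("203.0.113.4", "tcp", 111, b""),
    # Nothing in SIGNATURES describes this request, so it produces no event.
    ("198.51.100.12", "tcp", 80, b"GET /app?x=NEW-UNKNOWN-PATTERN HTTP/1.0"),
]

def firewall_verdict(pkt):
    """Gatekeeper decision: looks only at protocol and port, never the payload."""
    _, proto, dport, _ = pkt
    return "allow" if (proto, dport) in ALLOWED else "deny"

def ids_events(pkt):
    """Names of every signature whose pattern appears in the packet payload."""
    payload = pkt[3]
    return [name for name, pattern in SIGNATURES if pattern in payload]

def report(packets):
    """Count firewall verdicts and IDS events over a batch of packets."""
    verdicts, events = Counter(), Counter()
    for pkt in packets:
        verdicts[firewall_verdict(pkt)] += 1
        events.update(ids_events(pkt))
    return verdicts, events

if __name__ == "__main__":
    verdicts, events = report(PACKETS)
    print("firewall:", dict(verdicts))
    print("ids events:", dict(events))
```

Two of the allowed port-80 requests raise IDS events, while the last one passes both the firewall and the IDS, which is the gap the reply describes for patterns that have no filter yet.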