So I'm looking in my ISA log files...

Firewall Dashboard alerts customer to false spoofed packet issue with VMWare

Scorpion Software Corporate Weblog — Fri, 12 Jan 2007 06:21:46 GMT

Sometimes it's interesting to see how the Firewall Dashboard helps our customers. Recently Susan Bradley blogged about how, in her words: Once again, the firewall dashboard stuck something in my face that I don't think I would have noticed otherwise.

re: So I'm looking in my ISA log files...

Jim Begley — Thu, 04 Jan 2007 20:21:32 GMT

Network security / monitoring / management tools have not kept pace with virtualization products. I have had similar "false positives" on my network and have spoken to a number of vendors who just tell me they are working on it. We had an asset management tool telling us a laptop was "missing", it was a VirtualPC that was not running after being picked up in a scan. We had firewalls reporting spoofed IP's on VMWare and a monitoring tool that kept automatically monitoring virtual servers in a test lab. The good news is it should be a relatively easy fix to have tools 1)identify virtual resources, (they have unique BIOS ID's) and 2)tie them back to the host system and running state. Once we do that, we can build conditional rules on monitoring and management tools.

Great post, as always :)

re: So I'm looking in my ISA log files...

chris rue — Thu, 04 Jan 2007 08:43:05 GMT

amy b. = the shiznit, fo sho!