On Wed, 2010-05-19 at 14:05 -0500, mike@xxxxxxxxxxxx wrote:
> It was suggested that I take all protocols off of Nic1 which would make it safe to have on the public side.
Definitely. That NIC should be as "quiet" as possible, if anyhow
possible even completely passive.
> What I'm looking for is input on just how safe this setup is.
As long as the Interface is completely passive, has no IP address and no
services/listeners bound to it, it's a safe start.
However, Wireshark is a piece of software that processes any data flow
to and from your firewall, and its protocol dissectors are not immune to
attacks:
http://www.wireshark.org/security/
I do not mean to bash Wireshark or anything, it is truly one great piece
of software, that helped my employer a great deal (even saved us from
the spanish inqui... er... the FSA once). But as with all software, bugs
are there, buffer overflows can happen...
If I were your security officer, I would support this setup only if the
capturing system's "inside" interface was moved into a DMZ and Wireshark
was used by some form of remote desktop functionality.
regards
Marc