Hi folks,

One of the solutions to the log authentication problem I've been pondering lately is the write once/read many network logging device. This could be essentially a CD-ROM drive (or the equivalent technology) designed to write a copy of the log in real time, using a process that makes subsequent overwrites physically impossible (or as near to impossible as one can get in this business), at least without obvious signs that an overwrite has been attempted.

We know, for example, that each write pass over magnetic media leaves a permanent trace in the media substrate, so a detector specially designed to check for multiple writes could be employed as a verification check before and after the media was loaded into the drive. It could even burn a permanent record of the initial verification run, protected by a checksum (for example) in the header of the disk itself.

This is all highly speculative, of course, although some aspects of this technology do already exist, and it doesn't address the issue of verifying currently existing logs. It would be expensive to develop and, at least initially, to deploy, but it might be a viable long term means of coming to terms with the electronic record verification problem.

In thinking about the problem, I was reminded of my days in corporate security, when alarms and other electronically monitored security incidents were recorded in real time on a dot matrix continuous feed stack, attempted alterations to which were usually quite easy to spot. Courts seemed to have little trouble accepting those logs as genuine.

Just a little postulating from a speculative fiction writer... ;-)

Cheers,

RGF

Robert G. Ferrell, CISSP

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 20:04:42 PDT