On Tue, Aug 14, 2001 at 09:29:53PM -0700, 'Nate Campi' wrote:
> I still like the idea of protecting the log stream with encryption,
> but this needs to be built into the syslog daemon, or done without
> using a shell account on *either* end of the connection, IMHO. Hell,
> doesn't the Windoze "cryptcat" utility do that already for arbitrary
> network data?

"cryptcat" (available for both *nix and *doze) encrypts, but doesn't
authenticate. It's also non-transparent. The problem with a
non-transparent external encryption tunnelling program is that your
syslog daemon won't see your original IP, it will see its local IP.

"stunnel" (available for *nix and *doze) will encrypt arbitrary TCP
data via SSL. And since it's SSL, you have all sorts of options on how
to handle trust and authentication on both ends. In theory, it should
work with any TCP logger (i.e. syslog-ng), but not for UDP. stunnel
supports transparency, but only on some OSs.

Good VPN software can usually be configured to handle authentication,
avoid trust, encrypt both TCP and UDP, and be transparent. It's also
usually a PITA to configure.

Of course, the problem with any encryption is that it will chew up CPU
during an event storm, which is often when you most need your CPU for
other stuff.

- Morty

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
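
The stunnel arrangement described in the message above, sketched as an added example that is not part of the original post: both ends authenticate with certificates, and the receiving side optionally keeps the sender's source address. It uses present-day stunnel configuration-file syntax; the host name, ports and file paths are assumptions chosen for illustration.

```ini
; ---- Log sender: /etc/stunnel/stunnel.conf (path is an assumption) ----
; The local TCP logger (e.g. syslog-ng) is pointed at 127.0.0.1:5140
; instead of the remote log host; stunnel wraps that stream in TLS.
[syslog-out]
client = yes
accept = 127.0.0.1:5140
connect = loghost.example.net:6514
; Client certificate and key, so the log host can authenticate this sender.
cert = /etc/stunnel/sender-cert.pem
key = /etc/stunnel/sender-key.pem
; Authenticate the log host: chain must verify against our CA and the
; certificate must be issued for the expected host name.
CAfile = /etc/stunnel/log-ca.pem
verifyChain = yes
checkHost = loghost.example.net

; ---- Log host: /etc/stunnel/stunnel.conf (path is an assumption) ----
; Terminates TLS and hands the plaintext stream to the local TCP logger,
; which listens on loopback only.
[syslog-in]
accept = 6514
connect = 127.0.0.1:5140
cert = /etc/stunnel/loghost-cert.pem
key = /etc/stunnel/loghost-key.pem
; Only accept senders whose certificate chains to our CA.
CAfile = /etc/stunnel/log-ca.pem
verifyChain = yes
; Without the next option the logger sees every connection as coming from
; 127.0.0.1 (the non-transparency problem). It is supported only on some
; operating systems and needs elevated privileges, so it is left disabled.
;transparent = source
```

With `transparent` left off, per-host attribution has to come from the host field inside each syslog message rather than from the connection's source address.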
This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 16:05:06 PDT