Re: [logs] log review policies

From: Ralf Hildebrandt (Ralf.Hildebrandtat_private)
Date: Thu Oct 18 2001 - 07:45:09 PDT

  • Next message: Nick Vargish: "Re: [logs] log review policies"

    On Wed, Oct 17, 2001 at 09:45:03PM -0400, peff-loganalat_private wrote:
    
    > - attacker breaks into mail server
    > - attacker deletes logs from mail server
    > - admin has no idea that attack occurred
    
    - admin was not running a data intergrity checker like tripwire or aide.
      Uh.
    
    > Clearly, it's more secure to require a physical use of the log box, at
    
    Definitely
    
    -- 
    Ralf Hildebrandt                            Tel.  +49 (0)30-450 570-155
                                                Fax.  +49 (0)30-450 570-916
    This signature was added just to have one. ;-)
    
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    



    This archive was generated by hypermail 2b30 : Thu Oct 18 2001 - 07:51:41 PDT