Locking down the LogHost is not enough by itself because of the lack of reliability in the networking transport between the Log Data generator and the Log Data Server. A whole regimen of comparison to locally and remotely kept copies of the log is necessary in many cases. T/ ----- Original Message ----- From: "Stephen W. Thompson" <thompsonat_private> To: <loganalysisat_private> Sent: Tuesday, December 04, 2001 10:33 AM Subject: [logs] Re: Due Diligence for Admission in Court > Devdas Bhagat <devdasat_private> wrote on 4 Dec 2001: > > On 03/12/01 20:34 -0600, Tina Bird wrote: > > > 4) loghost is of course totally locked down, SSH only > > > access, or console only access, and dumps logs to > > > write-once archive format on regular basis > > ssh only access, without unpassworded keys. > > Or kerberos, with a properly managed KDC. > > En paz, > Steve (IANAL!) > -- > Stephen W. Thompson, UPenn, ISC Information Security, 215-898-1236, WWW has PGP > thompsonat_private URL=http://pobox.upenn.edu/~thompson/index.html > For security matters, use securityat_private, read by InfoSec staff > * OPEN LETTER: http://pobox.upenn.edu/~thompson/considered-war.html * > > --------------------------------------------------------------------- > To unsubscribe, e-mail: loganalysis-unsubscribeat_private > For additional commands, e-mail: loganalysis-helpat_private > --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 14:12:13 PST