if an insider is trying to tamper with the log entries (long) after the fact, then even writing to a CDR may not be good enough (assuming it is fast enough). the threat is that maybe the insider can open the cabinet with the archived log CDRs and substitute his/her own copy. thus we have devolved into procedural security: making sure only trusted people have keys to the cabinet containing the CDR log archive, etc, and that the physical security of the cabinet/safe is uncompromised. if you had an external data archiving facility such as a bank vault w/ a deposit-only drop box for those CDRs, maybe that'd provide similar security properties. (nothing wrong with good procedural security, btw.) -bsy -------- Bennet S. Yee Phone: +1 858 534 4614 Email: bsyat_private (i often don't capitalize due to tendonitis) Web: http://www-cse.ucsd.edu/~bsy/ USPS: Dept of Comp Sci and Eng, 0114, UC San Diego, La Jolla, CA 92093-0114 --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Wed Dec 05 2001 - 15:15:32 PST