RE: [logs] Log archival

From: Blaise St-Laurent (bstlaurentat_private)
Date: Wed Dec 11 2002 - 14:39:18 PST

  • Next message: Paul D. Robertson: "Re: [logs] Log archival"

    > >My current thoughts are :
    > >        * they should be archived to tamper proof (write once)
    > media, such as CD-
    > >or DVD-R.
    >
    >
    > Could anyone on the list comment about the feasibility/forensic
    > value of storing logs on spinning media and just burning complete
    > archives of checksums to CDs and storing the digital signatures
    > away? Paul?
    
    My biggest concern for this system would simply be the reliability of the
    spinning medium.
    >
    > It strikes me that a few hundred gigs of logs is about $255.00
    > worth of storage. I have 2 of those in my home MP3 server. ;)
    > But you can store a LOT of checksums on a CD-R. ;) Indeed, if
    > you're using a CD-R that allows write-updates, you'd be able
    > to incrementally add and I don't think it'd be arguable that
    > you'd be able to erase 'em later.
    
    But what happens if you end up finding a log that's been changed? what then?
    at least if you are burning the logs, you've still got them. what could be
    interesting however is burning encryption keys as well as a hash .. and
    encrypting the logs while storing them.
    >
    > mjr.
    > ---
    > Marcus J. Ranum				http://www.ranum.com
    > Computer and Communications Security	mjrat_private
    >
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 15:14:26 PST