On Tue, 13 May 2003, todd glassey wrote:

> So why are checksums not needed? the issue is what constitutes a reliable
> audit model and this group doesn't have all that many auditors as far as I
> can tell so this is a technologist telling you what is necessary and once
> again we are at that impasse where technology says "this is what you get"
> and commerce saying "we need XY&Z not that"
>

this thread initially started as a discussion of what it took to get
computer logs entered as evidence in court. as the lawyers on the list
told us at the time, checksums and other "above and beyond a vanilla
syslog" install >aren't< required. i refer everyone to the Frequently
Discussed Topics on the web site...

> One of the things that we as systems admins need to come to grips with is
> that it is us that these non-repudiate logging systems are really meant to
> protect the systems from and most of us are really offended at that, but in
> reality it's the way it is. Take heart the oracle DBAs are in the same boat.
> No self-respecting Commerce Auditor believes a word the DBAs say without
> hard evidence. Just the way it is.

i don't get the impression that many of the people on >this< list would be
offended, at the implication that long term archives needed protection
from people with root! but the discussion was really about whether or not
the courts currently >required< technical mechanisms for non-repudiation
and tamper-detection. at the moment, they don't.

cheers -- tbird

--
It's not the size of the key, it's the implementation of the algorithm...
                                                        -- Natasha Smith

http://www.shmoo.com/~tbird
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com
tbird's Security Alerts http://securecomputing.stanford.edu/alert.html

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis