R,
-Joe Wulf, CISSP
ProSync Technology Group, LLC <http://www.prosync.com/>
www.prosync.com
Senior IA Engineer
(410) 772-7969 office
(410) 772-7967 fax
(443) 801-5597 personal cell

_____

From: Joe_Wulf [mailto:Joe_Wulf@private]
Sent: Wednesday, April 13, 2005 09:58
To: 'Phi Phu'
Subject: RE: [logs] About the logging infrastructure

Phi,

You ask interesting questions. :)

1. Yes. I believe existing audit/log data should be used effectively for security purposes. Such purposes include finding bad people doing bad things, errant processes, and the occasional abuse (or attempted abuse) of privileges. Further, careful scrutiny of what transpires security-wise over the long term can lead to many clueful insights into opportunities to improve the security infrastructure, too.

2. There are a variety of security tools, but I think the answer really depends on what YOUR problem set is. What are YOU seeking to have such a security tool 'DO' for you and your enterprise?

3. You might be able to build a tool that meets your needs, but you might also find one or more viable commercial tools, too. I'd recommend starting with a problem definition of what isn't going right today. Get input and feedback from others. With a stable problem definition, put requirement statements into place that will address and resolve the problem definition. With those in hand, view the products that exist today and see which ones are satisfactory.

Good luck!

R,
-Joe Wulf, CISSP
ProSync Technology Group, LLC <http://www.prosync.com/>
www.prosync.com
Senior IA Engineer

_____

From: loganalysis-bounces+joe_wulf=yahoo.com@private [mailto:loganalysis-bounces+joe_wulf=yahoo.com@private] On Behalf Of Phi Phu
Sent: Wednesday, April 13, 2005 03:38
To: loganalysis@private
Subject: [logs] About the logging infrastructure

Dear all,

I am a new person on this mailing list. I have the following questions that I really want to be answered:

1. Should we try to use effectively the existing log data (from OS and applications) for the security purpose, instead of using IDS or other monitoring tools that also produce log data in the flooded-by-log world today?

2. (If question #1 is "yes") is there any existing solution or product that manages the log data for a small and medium enterprise (with the standard computer network including: user workstations, file server, web server, mail server, gateway to Internet, firewall, db server) for the intrusion detection purpose?

3. (If question #2 is "no") do you think that building a solution like that is possible?

Thank you, and best regards,
Phi

_____

Do you Yahoo!?
Yahoo! Small Business - Try our new resources site! <http://us.rd.yahoo.com/evt=31637/*http://smallbusiness.yahoo.com/resources/>
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Wed Apr 13 2005 - 10:48:03 PDT