Anton - it's a wonderful BCP and of little if any use to this community I bet ... this is stuff that most of you know in your sleep... it's about how you would do it if you had to be accountable...

What the submission of this BCP Document does say is that others in technology are getting that the Logging Community's role is to provide operational integrity for the systems and transactions that are layered on the digital transports and systems we log from. It is this 'demonstration of Integrity' and the Evidence of it (i.e. the output of the logs) that substantiates the use of the tools... Syslog, MSyslog, Syslog-Ng etc. and all of the log processing and knowledge/event management tools (Swatch and Logwatch to Splunk).

Anton, as I have said to you privately several times - there is a huge win here in Logs producing its own set of Standard BCP practices documents and then in submitting them as recommendations to those that would depend on this WG's expertise... The win is a specific set of logging practice statements that are 'submitted for commentary' to the Bar Association's technologies and Digital Evidence WGs (remember that lawyers will have to prosecute or defend based on what's in the logs), and then with their commentary and any remediation, submitted formally to the Audit Community to fully contaminate the people that have to approve of operating environments, with the wisdom of the Logs Group Operational Models... both through the CPAs but also through the ISACA CISM/CISA and IIA & ISC2 Auditors.

The value to this group is that you get to write these practice operations models yourselves as opposed to some lawyer sitting down with you, and... I and other auditors who work in these areas would be happy to take formal recommendations from you folks to our WGs...

Also FWIW - in many instances, the logging processes inside of digital systems are protected by a very interesting set of laws and this is worth talking about at some level....

Life is never going to be like it was pre-Internet, pre-9/11, pre-SOX fiascos... and Digital Systems Evidentiary Proofing (logging of Integrity) is more and more important today than ever.

Todd Glassey CISM CIFI

----- Original Message -----
From: "Anton Chuvakin" <anton@private>
To: "LogAnalysis" <LogAnalysis@private>
Sent: Thursday, February 23, 2006 2:18 PM
Subject: [logs] logging in IETF draft on "Operational Security Current Practices"

> All,
>
> Have you guys seen this doc called "Operational Security Current
> Practices" (see
> http://www.ietf.org/internet-drafts/draft-ietf-opsec-current-practices-02.txt)?
>
> It is supposed to give current ISP security practices and it has a
> neat section on logging (what to log, what to guard the logs from,
> etc). Specifically, see "2.7. Logging Considerations"...
>
> Best,
> --
> Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
> http://www.chuvakin.org
> http://chuvakin.blogspot.com
> http://www.securitywarrior.com
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Sat Feb 25 2006 - 23:21:18 PST