[logs] Re: on access vs access+audit

From: Amiran Alavidze (galavidze@private)
Date: Mon Sep 25 2006 - 23:34:29 PDT


Hi,

I also have to disagree with this: "Logging is NOT a privacy risk;
inappropriate use for collected data is."

Logging is not a privacy risk, _unauthorized_ inappropriate use of
logs is. And the mere fact of the presence of all-including logs poses the
risk of unauthorized inappropriate use. Just recall the
vulnerabilities where passwords got into log files. So why deal with
this risk if you don't need the data?

Still, I agree that in the corporate environment the more logging you
have the better - you end up with a more controlled environment. And
usually there is "no expectation of privacy" at work nowadays...

Regards,
Amiran Alavidze, CISSP


On 9/26/06, Anton Chuvakin <anton@private> wrote:
> All,
>
> Yeah, yeah, yeah - some might say this is shameless self-promotion,
> but, seriously, it ain't :-) I just want to have a fun discussion...
>
> I wrote this piece on logging everything:
> http://chuvakin.blogspot.com/2006/09/access-or-accessaudit_22.html
>
> Some criticism, not unexpected, already materialized.
> E.g. http://securosis.com/2006/09/23/sorry-logging-is-a-privacy-risk/
>
> What do you think?
>
> Best,
> --
> Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
>      http://www.chuvakin.org
>  http://chuvakin.blogspot.com
> http://www.securitywarrior.com
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
>



This archive was generated by hypermail 2.1.3 : Tue Sep 26 2006 - 00:55:15 PDT