Hi,

I also have to disagree with this: "Logging is NOT a privacy risk; inappropriate use for collected data is."

Logging is not a privacy risk, _unauthorized_ inappropriate use of logs is. And the mere fact of presence of all-including logs poses the risk of unauthorized inappropriate use. Just recall the vulnerabilities where passwords got into log files. So why deal with this risk if you don't need the data?

Still I agree that in the corporate environment the more logging you have the better - you end up with a more controlled environment. And usually there is "no expectation of privacy" at work nowadays...

Regards,
Amiran Alavidze, CISSP

On 9/26/06, Anton Chuvakin <anton@private> wrote:
> All,
>
> Yeah, yeah, yeah - some might say this is shameless self-promotion,
> but, seriously, it ain't :-) I just want to have a fun discussion...
>
> I wrote this piece on logging everything:
> http://chuvakin.blogspot.com/2006/09/access-or-accessaudit_22.html
>
> Some criticism, not unexpected, already materialized.
> E.g. http://securosis.com/2006/09/23/sorry-logging-is-a-privacy-risk/
>
> What do you think?
>
> Best,
> --
> Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
> http://www.chuvakin.org
> http://chuvakin.blogspot.com
> http://www.securitywarrior.com
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
>
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Tue Sep 26 2006 - 00:55:15 PDT