RE: Signs of an Intruder

Quantum (quantum@obsidian.cse.fau.edu)
Tue, 26 Nov 1996 05:02:29 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: IO ERROR: "Re: Audit trails"
Previous message: Diane Davidowicz: "RE: Signs of an Intruder"
In reply to: Dwight Hubbard: "RE: Signs of an Intruder"

or a more plusible idea is to log to paper.

> 
> Why not just log everything to write once media such as a Worm drive...
> 
> I also believe there is some help in using "security through obscurity",
> whereby you place wrapper logs etc. in a logfile where a whole lot of
> irrelevant logging goes too (for example, the ftp xferlog, or somesuch).
> 
> ...I mean while we are on the issue of "more secure". Nothing is, of 
> course.
> 
> Tor.
> 
> > 
> > One problem here is that the knowledgable hacker also knows where to 
> > look and will clean up after/during the attack. Therefore wrappers 
> > and secondary logging to an alternate host is a more secure way (note 
> > I say more secure and not secure) of ensuring audit trails are valid.
>

Next message: IO ERROR: "Re: Audit trails"
Previous message: Diane Davidowicz: "RE: Signs of an Intruder"
In reply to: Dwight Hubbard: "RE: Signs of an Intruder"