RE: Signs of an Intruder

Dwight Hubbard (Dwight.Hubbard@mci.com)
Mon, 25 Nov 1996 09:44:35 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: -= IDS Moderator =-: "Introductions"
Previous message: David M. Balenson: "ANNOUNCEMENT: ISOC 1997 SYMPOSIUM NETWORK & DISTRIBUTED SYSTEM SECURITY"
Next in thread: Quantum: "RE: Signs of an Intruder"

Why not just log everything to write once media such as a Worm drive...

I also believe there is some help in using "security through obscurity",
whereby you place wrapper logs etc. in a logfile where a whole lot of
irrelevant logging goes too (for example, the ftp xferlog, or somesuch).

...I mean while we are on the issue of "more secure". Nothing is, of 
course.

Tor.

> 
> One problem here is that the knowledgable hacker also knows where to 
> look and will clean up after/during the attack. Therefore wrappers 
> and secondary logging to an alternate host is a more secure way (note 
> I say more secure and not secure) of ensuring audit trails are valid.

Next message: -= IDS Moderator =-: "Introductions"
Previous message: David M. Balenson: "ANNOUNCEMENT: ISOC 1997 SYMPOSIUM NETWORK & DISTRIBUTED SYSTEM SECURITY"
Next in thread: Quantum: "RE: Signs of an Intruder"