17.4 Summary


Syslogs are useful because they give administrators the material to analyze a break-in. They can also help track down how an attacker managed to break into a system. For these reasons, it is imperative that syslogs be secured.

At a minimum, all syslogs should be stored on a separate partition and be readable only by the administrative user of the server. Additional security steps include writing the log files to a WORM device and encrypting the log files.

The best security enhancement for log files is to not store them directly on the network device. Most network devices have a facility called syslog that can direct log messages to a separate location. The syslog server should be locked down using the usual methods and given an extra layer of protection in the form of a software-based firewall, such as iptables. Syslog entries should also be written to a WORM device whenever possible.

To make the life of administrators easier, there are tools, such as LogSentry and IPSentry, that can sift through syslog messages and generate alerts to administrative staff when suspicious activity is noted.



The Practice of Network Security: Deployment Strategies for Production Environments
ISBN: 0130462233
Year: 2002
Pages: 131
Authors: Allan Liska
