Pantek Library

Re: Remote Syslogd

From: Devdas Bhagat <dvb(at)users.sourceforge.net>
Date: Sat Nov 02 2002 - 16:00:27 EST

On 30/10/02 18:52 +0100, Paul Gillingwater wrote:
> Nice to see syslog getting some attention. For those who are
> paranoiac (which should be most of us), I have four recommendations:
>
> 1) Send your security-related syslog stuff to a well-protected
> dedicated syslog host, preferably with no external ports exposed.
> Do all syslog processing locally on that box at the console, so
> it's effectively write-only from the outside.
This reminds me of an old post here (or some other secfocus list). Send the logs to a nonexistent remote server. Run a box without an IP, sniffing all the syslog traffic and writing it to file. That way, an attacker will try to break into a nonexistent system, but the logs are actually being recorded on a totally different system. This will, at the very least, buy you time to respond to an incident.

Devdas Bhagat
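
A sketch of the passive collector described in the message above, as an added example that is not part of the original post: it picks UDP/514 datagrams out of raw Ethernet frames and decodes the syslog `<PRI>` field. The function names, the 192.0.2.x addresses and the sample frame are assumptions constructed for illustration; `capture()` is Linux-only and needs root.

```python
import socket
import struct

SYSLOG_PORT = 514  # classic BSD syslog over UDP


def syslog_from_frame(frame: bytes):
    """Return (src_ip, dst_ip, facility, severity, text) for a UDP/514 frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":  # too short or not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17:  # version, header length, UDP
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x3FFF:  # MF flag or fragment offset set
        return None  # fragments are not reassembled in this sketch
    if len(ip) < ihl + 8:
        return None
    _sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
    if dport != SYSLOG_PORT or ulen < 8:
        return None
    payload = ip[ihl + 8:ihl + ulen]
    text = payload.decode("utf-8", "replace").rstrip("\n")
    facility = severity = None
    if text.startswith("<") and ">" in text[:5]:  # <PRI>, PRI = facility*8 + severity
        pri, rest = text[1:].split(">", 1)
        if pri.isdigit():
            facility, severity, text = int(pri) >> 3, int(pri) & 7, rest
    return (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), facility, severity, text)


def capture(iface: str, path: str) -> None:
    """Linux only, needs root: append syslog seen on an interface that has no IP address."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0003))
    sock.bind((iface, 0))
    with open(path, "a", encoding="utf-8") as out:
        while True:
            rec = syslog_from_frame(sock.recv(65535))
            if rec:
                out.write("%s -> %s fac=%s sev=%s %s\n" % rec)
                out.flush()  # keep the file current if the box is pulled for analysis


def sample_frame(msg: bytes = b"<38>sshd[411]: Failed password for root from 192.0.2.7") -> bytes:
    """Constructed test frame (not a real capture): Ethernet + IPv4 + UDP to port 514."""
    udp = struct.pack("!HHHH", 40000, SYSLOG_PORT, 8 + len(msg), 0) + msg
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.250"))
    return b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00" + ip + udp
```

For the collector to see anything, its interface has to sit on a hub, tap or mirror port in promiscuous mode, and a sender on the same subnet needs a static ARP entry for the unused address, otherwise it never puts the datagrams on the wire.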



This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Received on Wed Nov 6 06:23:31 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:41 EDT

