----- Original Message -----
From: "Gregor Binder" <gb@rootnexus.net>
To: <syslog-ng@lists.balabit.hu>
Sent: Tuesday, October 09, 2001 8:54 AM
Subject: Re: [syslog-ng] Encrypted messages
todd glassey on Tue, Oct 09, 2001 at 07:55:46AM -0700:
Todd,
I think it is going to take a while until it gets there.
I disagree.
I think everybody is excited to hear about readily available solutions that satisfy all your needs?
No, a union will not stop law enforcement from arresting you for breaking the law around privacy issues.
Hmmmm - Still sounds like the Systems Admins were culpable for the OS Audit Trails...
Well, having the union involved and on your side helps a lot I would guess, besides that, going to court with the slightest complaint is not too common in my country :)
No but is the enactment of privacy legislation? - I bet it is and whether you are living in the land of the US where people get sued for the slightest provocation, that has little to do with the criminal statute that the privacy acts put in place.
B1 is no longer a recognized standard. It is a part of the Orange Books (see: http://www.dynamoo.com/orange/fulltext.htm for a pointer to the Orange Book itself). The current methodology is the Common Criteria (See: http://www.commoncriteria.org).
I know that, but the features I was talking about have been outlined in the Orange Book first and happen to be defined in the no-longer-a-standard B1 standard (and B2 or 3 for compartments, I don't remember). I am not talking about certification, just features required.
Given that you have local systems level access. Then you as the Systems Admin are the weak point in this Audit Model.
I'm getting more and more curious to see above-mentioned readily available solutions that can still work with vanilla applications and address this sort of problem :)
I agree that there are a number of solutions proposed but most of them still rely on the operating environment being physically secure. I.e. if you have direct access to the machine then all bets are off and that also is an issue. How to turn the audit model into an appliance so that Sys Admins cannot poke their fingers into it.
Hey Partner, C2 is old hat. Most if not all commercially available OS's will support C2 and most have a hardened mode that approaches what was known as B1 as well.
C2 might be an old hat, and obviously every commercial OS supports it, because C2 compliance used to be the minimum requirement for government computers.
In what country? In the US the basic requirements are spelled out in FIPS and other documents specific to the organization that will be using the systems. In the UK it's BS7799/PD5000 and in Europe it's more of OSI/IEC 17799 I understand.
Still though, can you tell me ONE commercial OS (in its non-trusted version) that supports useful remote audit-logging? And no, NFS doesn't count. I am not even going to start asking about encryption :)
And old hat or not, configurable call-level-logs are probably the best you can get in terms of audit trails. Ideally of course, providing the means of security you desire.
Maybe, but the issue is how to run them securely embedded inside of other systems.
Regards,
--
Gregor Binder <gb@(rootnexus.net|sysfive.com)>
Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B