[syslog-ng] Encrypted messages

Gregor Binder gb@rootnexus.net
Tue, 9 Oct 2001 17:54:50 +0200


todd glassey on Tue, Oct 09, 2001 at 07:55:46AM -0700:

Todd,

> > I think it is going to take a while until it gets there.
> 
> I disagree.

I think everybody is excited to hear about readily available solutions
that satisfy all your needs?

> Hmmmm - Still sounds like the Systems Admins were culpable for the OS
> Audit Trails...

Well, having the union involved and on your side helps a lot I would
guess, besides that, going to court with the slightest complaint is not
too common in my country :)

> B1 is no longer a recognized standard. It is a part of the Orange Books
> (see: http://www.dynamoo.com/orange/fulltext.htm for a pointer to the Orange
> Book itself). The current methodology is the Common Criteria (See:
> http://www.commoncriteria.org).

I know that, but the features I was talking about have been outlined in
the Orange Book first and happen to be defined in the no-longer-a-standard
B1 standard (and B2 or 3 for compartments, I don't remember). I am
not talking about certification, just features required.

> Given that you have local systems level access. Then you as the Systems
> Admin are the weak point in this Audit Model.

I'm getting more and more curious to see above-mentioned readily
available solutions that can still work with vanilla applications and
address this sort of problem :)

> hey Partner C2 is old hat. Most if not all commercially available OS's will
> support C2 and most have a hardened mode that approaches what was known as
> B1 as well.

C2 might be an old hat, and obviously every commercial OS supports it,
because C2 compliance used to be the minimum requirement for government
computers. Still though, can you tell me ONE commercial OS (in its
non-trusted version) that supports useful remote audit-logging? And no, NFS
doesn't count. I am not even going to start asking about encryption :)

And old hat or not, configurable call-level-logs are probably the best
you can get in terms of audit trails. Ideally of course, providing the
means of security you desire.

Regards,

-- 
 ____ ____ 
/  _/| -  >  Gregor Binder <gb@(rootnexus.net|sysfive.com)>
| / || _\ \
\__ Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B