[syslog-ng] Controlling Logging to Central Syslog-ng Server,
ac56 at soas.ac.uk
Fri Sep 22 19:26:16 CEST 2006
Hari Sekhon <hpsekhon at googlemail.com> [20060922 16:34:40 +0100]:
> >If you want to discuss DoS, come up with a way to deal with that.
> Perhaps instead of the connection being authenticated, the packets
> themselves could be signed, although I'm no cryptography expert to know
> how secure that would be against forgery.
> Would it be more secure to use a tcp SSL tunnel using or something and
> then set up tunnels for the syslog machines? Although highly secure in
> that only specific machines could go through to the server and loop back
> in to the syslog server, you'd be left with those servers being the only
> points of failure regarding malicious users or compromised accounts,
> other than the syslog-ng server itself.
erm.....IPSec or use IPv6 where the encryption/authentication is built in.
You could slap the same certificate on all the machines or be *very* lazy and
use a shared secret passphrase. Either way the kernel would drop the packet
as it's not encrypted correctly and of course it's multi-platform.
> I feel that it would be a huge and difficult task to add serious
> security to syslog-ng beyond this.
> just my 3 cents...
IPSec could give you change for that ;)
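
The per-packet signing idea raised in the quoted message, as an added example that is not part of the original thread and is not a syslog-ng feature: each datagram carries an HMAC-SHA256 tag under a per-sender shared secret plus a sequence number, and the collector drops anything that fails verification or repeats a sequence number. The wire layout, `sign_datagram`, `Verifier`, the host name and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def sign_datagram(key: bytes, sender: bytes, seq: int, msg: bytes) -> bytes:
    """Build len|sender|seq|msg and append an HMAC-SHA256 tag over all of it."""
    body = struct.pack("!B", len(sender)) + sender + struct.pack("!Q", seq) + msg
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Verifier:
    """Collector side: per-sender keys and the last accepted sequence number."""

    def __init__(self, keys: dict):
        self.keys = keys        # sender name (bytes) -> shared secret (bytes)
        self.last_seq = {}      # sender name -> highest sequence number accepted

    def accept(self, datagram: bytes):
        """Return (sender, msg) if authentic and fresh, else None (drop)."""
        if len(datagram) < 1 + 8 + TAG_LEN:
            return None
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        name_len = body[0]
        if len(body) < 1 + name_len + 8:
            return None
        sender = body[1:1 + name_len]
        key = self.keys.get(sender)
        if key is None:
            return None  # unknown sender: no key to verify with
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted
        (seq,) = struct.unpack("!Q", body[1 + name_len:9 + name_len])
        if seq <= self.last_seq.get(sender, -1):
            return None  # replay of an already accepted datagram
        self.last_seq[sender] = seq
        return sender, body[9 + name_len:]


def demo():
    """Constructed sample: one genuine datagram, then the same one replayed."""
    key = b"constructed-demo-key"
    v = Verifier({b"web01": key})
    d = sign_datagram(key, b"web01", 1, b"<13>sshd: session opened")
    return v.accept(d), v.accept(d)
```

The strict counter also drops datagrams that UDP delivers out of order; IPsec's anti-replay check uses a sliding window to tolerate that.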