Saturday, August 06, 2005

Tampering with Log Files

Here are some common attacks to log files:
  • Take advantage of weak ACLs on log files and directories
  • Modify or delete log files
  • Exploit software weakness in logging mechanisms
  • Exploit configuration weakness in configuration mechanisms

Contermeasures:

  • Secure log file locations
  • Store logs on another host
  • Use encryption to protect log files
  • Use cryptographic hashes to detect tampering
  • Back up log files
  • Keep logging mechanism patched
  • Keep logging mechanism properly configured

Adopted from the book Assessing Network Security by Ben Smith, David LeBlanc, Kevin Lam.

0 Comments:

Post a Comment

<< Home