Tampering with Log Files
Here are some common attacks to log files:
- Take advantage of weak ACLs on log files and directories
- Modify or delete log files
- Exploit software weakness in logging mechanisms
- Exploit configuration weakness in configuration mechanisms
Contermeasures:
- Secure log file locations
- Store logs on another host
- Use encryption to protect log files
- Use cryptographic hashes to detect tampering
- Back up log files
- Keep logging mechanism patched
- Keep logging mechanism properly configured
Adopted from the book Assessing Network Security by Ben Smith, David LeBlanc, Kevin Lam.
0 Comments:
Post a Comment
<< Home