Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] write events log to CD?

from [Barrie Dempster] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] write events log to CD?
Date: Mon, 30 Aug 2004 10:07:08 +0100 
On Mon, 2004-08-30 at 04:15, Ali Campbell wrote:

Sending logs to a printer makes the most sense to me. Absolutely 
unhijackable, and a good use for that old 9-pin dotmatrix and 2000 
sheets of traction feed paper you have in the cupboard.


Unless at some point you actually want to examine your logs.
Even a moderately busy production server will produce so much crap from
that printer that it would be a nightmare to examine, if you had any
sort of incident. Not to mention all that wasted paper.


I know that you can dump event logs to a file, I seem to recall it being
scriptable too, although scripting the actual burning may be the issue
here.
However most good server versions of backup software will let you dump
your event logs to their backup medium, which could be a CD-R.

If an incident does occur, event logs aren't a terribly great source of
information, you'd be much better off paying attention to your IDS/IPS
system.
-- 
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: !SPAM! [Full-Disclosure] Automated ssh scanning, Chris Adams
Next by Date:  Re: [Full-Disclosure] viruses coming from this list.., Barrie Dempster
Previous by Thread:  Re: [Full-Disclosure] write events log to CD?, Ali Campbell
Next by Thread:  Re: [Full-Disclosure] write events log to CD?, Harlan Carvey
Indexes:  [Date] [Thread] [Top] [All Lists]