
Re: Duration of log retention?

Subject: Re: Duration of log retention?
Date: Tue, 13 Jun 2006 12:21:31 -0500
Doug,
    There are many factors involved in determining retention periods for
log file data.  First, there are no blanket answers because everyone's
requirements are different.  Are you under any legal requirements, either
contractual (business partner requirements like VISA/MC PCI) or
regulatory (FDIC/SEC regulations, GLB, SOX, HIPAA, etc.), that might dictate
log file retention periods?  If so, then follow the guidelines that are
applicable to you.  If more than one is applicable to you, follow the one
that has the longest retention time. Also realize that there are differences
in the types of data retained in some of these requirements, and some
dictate whether the data is stored online/offline and how long you have to
produce the data once it is requested.  All of this should be reflected in
your data retention policies and procedures.

    Once you get past the legal requirements, you then worry about the
technology aspect.  How much data are you seeing already in the environment
and how much data could you keep online vs. stored on tape and shipped off
site?  What is the purpose of the data; are you planning on using it for
audit, incident investigation and response, or some other purpose?  If your
legal staff says that you are not under any legal requirements to hold log
file data, I would personally feel comfortable with a minimum retention
period of at least 12 months for any access control and audit logs.  Store
the previous month's data online (no more than 62 days online at a time),
and write the rest to tape for off site storage should you need them later.
Keep them on tape longer if it makes you feel better, though legal
departments tend to be of the opinion that disposing of logfile data as soon
as legally possible is the best approach, especially if they've been the
target of a lawsuit that requires them to produce possibly incriminating
data.

--
Joseph W. Shaw, II
CISSP, CCNA
Sr. Consultant - Solving IT!

On 6/7/06, Doug Fox <dfox168@hotmail.com> wrote:

I am searching for retention duration for various logs. Any input is much appreciated.

Firewall log - 1 year
IDS log - 1 year
IPS log - 1 year
Router log - 1 year
Switch log - 1 year
Windows server: Security log - 1 year
Windows server: Application log - 3 months
Windows server: Systems log - 3 months
*IX server - security log equivalent - 1 year
RACF (mainframe) logs - 1 year
Database log - ??

What else have I missed?


Many thanks in advance.

DF
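An added example, not from either poster: a small Python retention classifier that encodes the rules discussed in this thread (the per-log durations from Doug's list, the 62-day online window and 12-month floor for access-control/audit logs from the reply, and "when more than one requirement applies, follow the longest"). Log types, file names and dates are constructed for illustration.

```python
from datetime import date

# Policy inputs taken from the thread: per-log durations from Doug's list,
# the 62-day online window and 12-month audit-log floor from Joseph's reply.
ONLINE_WINDOW_DAYS = 62
AUDIT_FLOOR_DAYS = 365

# Baseline retention in days by log type (a constructed subset of the list).
RETENTION_DAYS = {
    "firewall": 365,
    "ids": 365,
    "windows_security": 365,
    "windows_application": 90,
    "windows_system": 90,
}
AUDIT_LOG_TYPES = {"firewall", "ids", "windows_security"}


def effective_retention(log_type, extra_requirements=()):
    """Longest of the baseline, the audit floor (for access-control/audit
    logs) and any contractual or regulatory periods passed in: when more
    than one requirement applies, the longest one wins."""
    periods = [RETENTION_DAYS[log_type], *extra_requirements]
    if log_type in AUDIT_LOG_TYPES:
        periods.append(AUDIT_FLOOR_DAYS)
    return max(periods)


def classify(log_type, log_date, today, extra_requirements=()):
    """Where a log of this type and date belongs as of 'today': 'online'
    (inside the online window), 'tape' (off-site until its retention
    period ends) or 'dispose' (past every applicable period)."""
    age = (today - log_date).days
    if age < 0:
        raise ValueError("log dated in the future: %s" % log_date)
    if age <= ONLINE_WINDOW_DAYS:
        return "online"
    if age <= effective_retention(log_type, extra_requirements):
        return "tape"
    return "dispose"


def plan(entries, today, extra_requirements=()):
    """Group (name, log_type, date) entries by the action each needs."""
    actions = {"online": [], "tape": [], "dispose": []}
    for name, log_type, log_date in entries:
        actions[classify(log_type, log_date, today, extra_requirements)].append(name)
    return actions
```

Pass any contractual or regulatory period (for example a longer partner requirement) in `extra_requirements` and it extends the tape stage for the affected logs without touching the online window.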
