On Tue, 4 Mar 1997, Bernd Eckenfels wrote:
> Excuse my ignorance. But what on earth is that important to be secured that
> way? My general impression is most ppl don't even READ the logs. And if you
> fear a hacker could erase them the main damage (a break in) has already
If people don't read the logs, they might as well not even bother buying
or building that shiny new firewall. See below for the second point.
> a) hacker destroys your site.. you don't need logs, you WILL notice
> b) hacker stores warezes or uses your host for further break-ins
> (you will notice sooner or later)
> c) hacker will steal all your vulnerable data (and continues to do so).
In all of these cases, you seem to lack a grasp of the fundamental nature
of electronic/information security. It is axiomatic that a determined and
talented intruder can get in, if they have the time, resources, and will
to do so. In all of the listed cases, there are two objectives of your
information security policy (including firewalls and other security
1) To enforce security policy, including the protection of sensitive data.
2) To allow the intruder to be traced and, if possible, apprehended.
To use an analogy, there is no way I can put enough security on my house
to keep someone from breaking in. But I *CAN* do enough to ensure that,
should someone break into my house, I will know about it, and have
sufficient data points to find out who he is.
> c is the most problematic case in log-file tampering. But since the hacker
> can copy your current databases in a few minutes he won't do all that
> additional work to delete logs. Am I missing something?
He will if he has any intelligence. If you're unaware of the intrusion,
you're at even more of a disadvantage, because the intruder (assuming he
has a serious objective) can disseminate your information to interested
parties, and since you are unaware of it, you can't act to counter. Also,
an undetected intruder has all the time in the world to completely mine
your system and place plenty of alternate access routes for himself.
> Security is nice, but one should never leave ground.. some companies don't
> have all that money they would need to pay for silly security.
Your above-stated viewpoint is exactly why so many companies discover to
their amazement that their information resources are, or can be, VERY
important. Security does need to be tempered by practicality, but I
sincerely hope you aren't the person who decides security policies for
your organization ;)