In response to Ron DuFresne: Baltimore's UniCERT product is designed to be a root CA, and the digital signing of the log entry by its agent software upon creation of the log entry will meet the legal requirements for providing trustworthiness. Baltimore also operates a commercial CA if an organization prefers not to build its own CA infrastructure.
Note that best practice would have the log entry signed at its creation by an internal trusted program, such as Baltimore's agent code. While you could send the entry to an external notary service for signing, such an approach would allow a narrow window for also sending false entries for signing. The external approach is good for producing evidence of when something occurred and for ensuring the integrity of the contents of the log entry once it is signed. The only way that I know of to prove that the log entry is original would be to sign it as part of its creation. The public key infrastructure (PKI) software to accomplish this exists. It would be ideal to have it signed via an API call from within the firewall's logging code.

Marc Mandel

At 11:21 AM 06/11/2002 -0500, Ron wrote:
>I think perhaps Ben was meaning, there's no verification his signed logs
>are any more trustworthy/courtworthy than the application/appliance you
>mention below would be. There's no 'verisign' as middleman to guarantee
>his signature makes those logs, or the logs from SelectAccess which
>determines they are in fact something more than cheat signed. Unless I
>read you wrong here, even B T plc does not have this in place, or do they?
>Are they acting as a syslog CA?

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
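The "sign it as part of its creation" approach Marc describes, as an added example that is not code from the original post, from Baltimore's UniCERT, or from its agent software. It assumes Go's standard-library Ed25519 (the post does not name an algorithm) and goes one step beyond the text: besides signing each entry in the logging code at the moment it is created, it chains every entry to the hash of the previous one, so that an auditor holding only the public key can detect not just altered contents but also deleted, reordered, or later-inserted entries. The sample firewall events are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// Entry is one log record exactly as the logging code emits it. Seq and
// PrevHash chain each entry to the one before it; Sig is an Ed25519
// signature over all other fields, made at the moment the entry is created.
type Entry struct {
	Seq      uint64 `json:"seq"`
	Time     string `json:"time"`
	Message  string `json:"msg"`
	PrevHash string `json:"prev"`
	Sig      string `json:"sig"`
}

// SignedLogger is the in-process signer: it holds the private key and the
// chain state, so an entry is signed before it ever leaves the logging code.
type SignedLogger struct {
	priv     ed25519.PrivateKey
	seq      uint64
	prevHash [32]byte
	Entries  []Entry
}

func NewSignedLogger(priv ed25519.PrivateKey) *SignedLogger {
	return &SignedLogger{priv: priv}
}

// signedBytes returns the canonical bytes that are signed and chained:
// the JSON form of the entry with the signature field blanked.
func signedBytes(e Entry) []byte {
	e.Sig = ""
	b, _ := json.Marshal(e) // marshalling a plain struct cannot fail
	return b
}

// Log creates an entry, signs it immediately, advances the chain and
// returns the signed entry.
func (l *SignedLogger) Log(now time.Time, msg string) Entry {
	l.seq++
	e := Entry{
		Seq:      l.seq,
		Time:     now.UTC().Format(time.RFC3339Nano),
		Message:  msg,
		PrevHash: hex.EncodeToString(l.prevHash[:]),
	}
	body := signedBytes(e)
	e.Sig = hex.EncodeToString(ed25519.Sign(l.priv, body))
	l.prevHash = sha256.Sum256(body)
	l.Entries = append(l.Entries, e)
	return e
}

// Verify is what an auditor runs later with only the public key. It returns
// -1 and nil if every signature and chain link checks out, otherwise the
// index of the first entry that fails and why.
func Verify(pub ed25519.PublicKey, entries []Entry) (int, error) {
	var prev [32]byte // the chain starts from an all-zero hash
	for i, e := range entries {
		if e.Seq != uint64(i)+1 {
			return i, fmt.Errorf("entry %d: expected seq %d, got %d (entry deleted or reordered?)", i, i+1, e.Seq)
		}
		if e.PrevHash != hex.EncodeToString(prev[:]) {
			return i, fmt.Errorf("entry %d: chain link does not match previous entry", i)
		}
		sig, err := hex.DecodeString(e.Sig)
		if err != nil || len(sig) != ed25519.SignatureSize {
			return i, fmt.Errorf("entry %d: malformed signature", i)
		}
		body := signedBytes(e)
		if !ed25519.Verify(pub, body, sig) {
			return i, fmt.Errorf("entry %d: signature does not verify (contents altered or not signed by the logger)", i)
		}
		prev = sha256.Sum256(body)
	}
	return -1, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	l := NewSignedLogger(priv)
	// Constructed sample firewall events, not real traffic.
	t0 := time.Date(2002, 6, 11, 16, 21, 0, 0, time.UTC)
	l.Log(t0, "DENY tcp 198.51.100.7:4321 -> 192.0.2.10:23")
	l.Log(t0.Add(time.Second), "ACCEPT tcp 192.0.2.20:51000 -> 198.51.100.7:443")
	idx, err := Verify(pub, l.Entries)
	fmt.Println("clean log verifies:", idx == -1, err)

	tampered := append([]Entry(nil), l.Entries...)
	tampered[0].Message = "ACCEPT tcp 198.51.100.7:4321 -> 192.0.2.10:23"
	idx, err = Verify(pub, tampered)
	fmt.Println("after editing entry 0:", idx, err)
}
```

The signing key lives inside the logging process, which is exactly the trust root the post is arguing for: nothing can be signed without going through the code that created it. The flip side is that whoever obtains that private key can produce perfectly valid entries, so in practice the key needs the same protection as the firewall itself, and the external notary the post mentions still adds something this scheme cannot, an independent record of when the entry existed.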
