I don't think there is a one-size-fits-all answer to this question. For
instance, in our case the decision is severely influenced by legal
regulations. It's a tough call because you have to balance the risk of not
having the data to investigate and the risk of violating laws. I would start
with your local legal ramifications first to aid in determining what you
have to comply with. This will at least give you a range of what you can
and cannot do. After that... I recommend keeping as much as you can for
as long as you can.
Ramon Kagan, GCIA, GCIH (p)416-736-2100 #20263
Manager, UNIX Services [EMAIL PROTECTED]
Interim Manager, Information Security
Computing and Network Services
York University, Toronto, Canada
When all think alike, no one is thinking very much.
- Walter Lippmann
On Wed, 8 Nov 2006, [EMAIL PROTECTED] wrote:
My question today is
Is there an industry standard for retention of IDS logs?
What is considered best practices for reviewing firewall logs? Daily, weekly,
quarterly, etc.
Thanks for your assistance
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------