All logging should idealy be done off site using a syslog deamon. The most important
thing is not to have a breach and second to fix weaknesses. In this situation
flushing the memory IS the best solution to insure this, though it is not the only
one, and would rarely be that practicle or worth the hastle. Nothing is lost other
than evidence, but it is more important to stop the crime rather than catch someone
after the damage is done and with the logs safe you should have the most important
information avialable.
Richard Amerman
-----Original Message-----
From: Jeff Newmiller [mailto:[EMAIL PROTECTED]]
Sent: Sat 6/29/2002 7:28 PM
To: Richard Amerman
Cc: [EMAIL PROTECTED]
Subject: RE: Software write-protect (Was: Re: [leaf-user] Floppies)
On Sat, 29 Jun 2002, Richard Amerman wrote:
> It seems to me that reguardless of what you do to write-protect the
> medium, you have to flush (restart) the system regularly to be the
> most secure. This would idealy have to be done by some method that is
> both independant of the LEAF firewall itself and the systems it is
> protecting as these methods could be compromised. If you had a simple
> hardware timer that recycled the power on the machine every night or
> on some schedule that makes sense this would work.
I disagree. Flushing ram flushes evidence of disturbances, and does
nothing to find or eliminate latent weaknesses.
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...2k
---------------------------------------------------------------------------
��^){([8bAzE&z
y!yޞ�m)r^izXXW~�X(�~zwilq�zlX)ߣ^iz��!W~-?v?v&jvzݡȝu٥
