RE: [NF] Immutable Audit Trails

2013-01-11 Thread Richard Kaye
Who knew? WORM doesn't mean WORM? Thanks for that tidbit, Andy. -- rk -Original Message- From: ProfoxTech [mailto:profoxtech-boun...@leafe.com] On Behalf Of AndyHC Sent: Friday, January 11, 2013 2:33 AM To: profoxt...@leafe.com Subject: Re: [NF] Immutable Audit Trails [Richard Kaye

RE: [NF] Immutable Audit Trails

2013-01-11 Thread Ken Dibble
Who knew? WORM doesn't mean WORM? Thanks for that tidbit, Andy. Well if immutable doesn't mean immutable, then why not? ;) Ken Dibble www.stic-cil.org

Re: [NF] Immutable Audit Trails

2013-01-11 Thread Ken Dibble
Thank you to everyone who replied to this thread. It was all very useful. As to what constitutes an audit trail, I already have some of that in my software and it would not be difficult to add more. As for forcing people to change passwords: pointless, IMO, since I would never allow people

Re: [NF] Immutable Audit Trails

2013-01-10 Thread Paul McNett
On 1/10/13 10:14 AM, Ken Dibble wrote: I'm researching health data security issues and came across a requirement for immutable electronic audit trails. The people who write these standards can't be serious, can they? There is no such thing as immutable electronic data. Are they really dumb

Re: [NF] Immutable Audit Trails

2013-01-10 Thread Ken Dibble
I bet storing a SHA hash of each audit entry would suffice. Then validation could regularly choose audit entries at random, re-hash, and compare, proving that the values didn't mutate. Thank you. Proving that values didn't mutate isn't the same as preventing them from being mutated. Nor

Re: [NF] Immutable Audit Trails

2013-01-10 Thread Ed Leafe
On Jan 10, 2013, at 12:54 PM, Ken Dibble krdib...@stny.rr.com wrote: Nor would hashing each entry separately prevent them from being deleted. Deleting an entry indicating that so-and-so accessed such-and-such a record at such-and-such a time would be a pretty serious form of tampering.

Re: [NF] Immutable Audit Trails

2013-01-10 Thread Ken Dibble
Nor would hashing each entry separately prevent them from being deleted. Deleting an entry indicating that so-and-so accessed such-and-such a record at such-and-such a time would be a pretty serious form of tampering. There are ways to deal with this, such as hash the previous

Re: [NF] Immutable Audit Trails

2013-01-10 Thread Ed Leafe
On Jan 10, 2013, at 1:14 PM, Ken Dibble krdib...@stny.rr.com wrote: There are ways to deal with this, such as hash the previous record with the current record so that if a record is deleted, the hash won't match. You won't recover the data, but you'll know that a change was made.

Re: [NF] Immutable Audit Trails

2013-01-10 Thread Paul McNett
On 1/10/13 11:16 AM, Ed Leafe wrote: On Jan 10, 2013, at 1:14 PM, Ken Dibble krdib...@stny.rr.com wrote: There are ways to deal with this, such as hash the previous record with the current record so that if a record is deleted, the hash won't match. You won't recover the data, but

RE: [NF] Immutable Audit Trails

2013-01-10 Thread Richard Kaye
Ummm. Write your immutable audit files to WORM media instead of R/W? :-) -- rk -Original Message- From: ProfoxTech [mailto:profoxtech-boun...@leafe.com] On Behalf Of Ken Dibble Sent: Thursday, January 10, 2013 2:14 PM To: profoxt...@leafe.com Subject: Re: [NF] Immutable Audit Trails

Re: [NF] Immutable Audit Trails

2013-01-10 Thread Ted Roche
On Thu, Jan 10, 2013 at 1:14 PM, Ken Dibble krdib...@stny.rr.com wrote: I'm researching health data security issues and came across a requirement for immutable electronic audit trails. The people who write these standards can't be serious, can they? There is no such thing as immutable

Re: [NF] Immutable Audit Trails

2013-01-10 Thread Ken Dibble
On Thu, Jan 10, 2013 at 10:14 AM, Ken Dibble krdib...@stny.rr.com wrote: I'm researching health data security issues and came across a requirement for immutable electronic audit trails. Is this the 'immutable' as in HIPAA requirements? I imagine it's similar. Have you dealt with this?

Re: [NF] Immutable Audit Trails

2013-01-10 Thread MB Software Solutions, LLC
On 1/10/2013 1:58 PM, Ed Leafe wrote: On Jan 10, 2013, at 12:54 PM, Ken Dibble krdib...@stny.rr.com wrote: Nor would hashing each entry separately prevent them from being deleted. Deleting an entry indicating that so-and-so accessed such-and-such a record at such-and-such a time would be a

Re: [NF] Immutable Audit Trails

2013-01-10 Thread Ed Leafe
On Jan 10, 2013, at 4:24 PM, MB Software Solutions, LLC mbsoftwaresoluti...@mbsoftwaresolutions.com wrote: How do you tie to the previous record? Outside of Foxpro, there's no such thing as RECNO I thought? You can order records by timestamp. Almost everything that needs to be

Re: [NF] Immutable Audit Trails

2013-01-10 Thread lelandj
Perhaps this will help: http://dgz.dyndns.org/mediawiki/index.php?title=%28RHEL%29_HOWTO_configure_the_auditing_of_the_system_%28auditd%29 Regards, LelandJ On 01/10/2013 12:14 PM, Ken Dibble wrote: I'm researching health data security issues and came across a requirement for immutable

Re: [NF] Immutable Audit Trails

2013-01-10 Thread AndyHC
The nearest I've seen to immutable electronic data are the TPMs (Tamper Proof Modules) used by banks to hold ATM software. They are hardened steel boxes with several layers of very sophisticated self-destruct anti-tampering hardware, are transported in securely guarded vehicles and installed

Re: [NF] Immutable Audit Trails

2013-01-10 Thread Dan Covill
On Thu, Jan 10, 2013 at 10:14 AM, Ken Dibble krdib...@stny.rr.com wrote: I'm researching health data security issues and came across a requirement for immutable electronic audit trails. Ken: If you google HIPAA immutable audit you'll get plenty of info, including a paper on exactly what the

Re: [NF] Immutable Audit Trails

2013-01-10 Thread Ken Dibble
I'm researching health data security issues and came across a requirement for immutable electronic audit trails. Ken: If you google HIPAA immutable audit you'll get plenty of info, including a paper on exactly what the legal requirement is. Ah..okay... finally. After searching through

Re: [NF] Immutable Audit Trails

2013-01-10 Thread AndyHC
The first requirement is a locked down db server in a secure location (with physical access to the hardware *all* security is invalidated - even a bank TPM given sufficient time and technology). The WORM approach can be circumvented by re-coding the whole disk, or all the disks, or the entire

Re: [NF] Immutable Audit Trails

2013-01-10 Thread AndyHC
According to the ITlaw wiki: An *immutable audit log* is a tamper-resistant <http://itlaw.wikia.com/wiki/Tamper-resistant> recording <http://itlaw.wikia.com/wiki/Recording> of how a system <http://itlaw.wikia.com/wiki/System> has been used. tamper-resistant is do-able ... but it also says: A