Maybe I was not completely clear. I think we should go the TLS route
and let the operator decide whether he wants authenticated or
unauthenticated TLS (or asymmetric authentication, e.g. the server is
authenticated but the client is not, just like in HTTPS). So I fully
agree with Rainer on
Another possible threat to consider for a Syslog environment is:
Traffic Pattern Analysis - It is sometimes used as a form of
reconnaissance to further hone an attack. The focus of attention is on
how the network is being used as opposed to the data content being
moved. An analysis of
If a threat model for Syslog is required, I would be very interested in
helping out. Let me know.
-Eric
Eric A. Hibbard, CISSP, ISSAP, ISSMP, ISSEP
Senior Director, Data Networking Technology
Chair, SNIA Security Technical Work Group
Office of the CTO
HITACHI DATA SYSTEMS
750 Central
Message-
From: Darren Reed [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 17, 2005 5:07 AM
To: Eric Hibbard
Cc: [EMAIL PROTECTED]
Subject: Re: [Syslog] Charter revision / WG obsolete?
As one of the many lurkers on this list, I have been monitoring this
WG's activities and I'm a bit concerned with the recent posts. I had
high hopes that some form of logging standardization might materialize,
but that now seems to be in question.
Recent regulations within the U.S. (e.g.,