17.4. Summary

Syslogs are useful because they give administrators the material to analyze a break-in and to track down how an attacker managed to compromise a system. For these reasons, it is imperative that syslogs be secured.

At a minimum, all syslogs should be stored on a separate partition and be readable only by the administrative user of the server. Additional security steps include writing the log files to a WORM device and encrypting the log files.

The best security enhancement for log files is to not store them directly on the network device. Most network devices have a facility called syslog, which can direct log messages to a separate location. The syslog server should be locked down using ...
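As an added illustration of the recommendations above (not code from the book), this Python audit parses a classic sysklogd-style syslog.conf, separates actions that forward to a remote host from those that only write a local file, and flags local log files that are not owned by the administrative user or are readable by others. The configuration text, the hostname and the paths are constructed for the example.

```python
import os
import re
import stat
from typing import List, Tuple

# Constructed sample syslog.conf in classic sysklogd syntax: "selector  action".
# An action starting with '@' forwards matching messages to a remote syslog host.
SAMPLE_SYSLOG_CONF = """\
# constructed example configuration, not taken from any real host
auth,authpriv.*           /var/log/auth.log
*.*;auth,authpriv.none    -/var/log/syslog
kern.*                    /var/log/kern.log
auth,authpriv.*           @loghost.example.internal
mail.*                    /var/log/mail.log
"""

def parse_rules(conf_text: str) -> List[Tuple[str, str]]:
    """Return (selector, action) pairs, ignoring comments and blank lines."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        if len(parts) == 2:
            rules.append((parts[0], parts[1]))
    return rules

def remote_targets(rules: List[Tuple[str, str]]) -> List[str]:
    """Hosts that receive a forwarded copy, i.e. the off-device copy the text recommends."""
    return sorted(act[1:] for _, act in rules if act.startswith("@"))

def local_files(rules: List[Tuple[str, str]]) -> List[str]:
    """Log files written on the device itself; a leading '-' only disables fsync."""
    return sorted(act.lstrip("-") for _, act in rules if act.lstrip("-").startswith("/"))

def permission_findings(path: str, admin_uid: int = 0) -> List[str]:
    """Flag a log file not owned by the admin user, or with any group/other access bits."""
    st = os.stat(path)
    findings = []
    if st.st_uid != admin_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {admin_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} grants group/other access")
    return findings
```

Run `permission_findings` over each path returned by `local_files` to check the admin-only requirement, and treat an empty `remote_targets` list as a missing off-device copy.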