Reply to post: Re: Canaries!

Even 'super hackers' leave entries in logs, so prepare to drown in data


Re: Canaries!

> as they are aware of the when/how/where of sys logs it wouldn't be that difficult to fake said logs

An entirely correct point - so that's something else to watch out for when trying to figure out WTF the logs mean once they have been filled with all that chaff and sorting out the actual start point depending on how clever they have or have not been.

Also important is to ensure the logging machine only ever accepts logging messages and no other connections etc etc I realise I'm preaching to the choir now... perhaps syslog boxes should boot from a self-destructing USB stick and record everything to WORM drives or is that just standard practice now...?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019