
An approach to build a fortified network logger that is resilient to cracking attempts

Kroon and Olivier

2004

Citation information

J. Kroon and M. S. Olivier. “An approach to build a fortified network logger that is resilient to cracking attempts”. In: Proceedings of the Fourth Annual Information Security South Africa Conference (ISSA2004). Work in progress paper, published electronically. Midrand, South Africa, June 2004

Abstract

Keeping logs secure and untampered with has always been a problem. The first things a cracker goes after once a system has been compromised are the logs [9]. They do this in order to cover their tracks and to hide their presence.

The preferred current solution is the use of remote logging [14, p 372]. Even though this increases security of your log files, there is still the chance that a skilled cracker will be able to break into your log server, and tamper with your logs.

A simple way to effectively reduce the chances that a computer can be cracked is by cutting the transmit wires on the communication medium. This effectively prohibits TCP connections and reduces the device to a receive-only station. This further reduces the chances of this computer being hacked simply because there is no way to get feedback from it, or even detect it.

Private networks, with no routing into or out of the network, are an effective way of establishing secure and reliable communication between a set of stations. In order to gain access to the network a station on the perimeter has to be compromised before access to the private network can be gained.

This paper proposes an alternative manner in which to perform logging. It makes use of a silent log server, preferably inside a private network. A dummy log server can also be used inside this private network to heighten security by hiding the fact that you are using a silent logger.

Full text

A pre- or postprint of the publication is available at https://mo.co.za/open/logger.pdf.

BibTeX reference

@inproceedings(logger,
author={Jaco Kroon and Martin S Olivier},
title={An approach to build a fortified network logger that is resilient to cracking attempts},
booktitle={Proceedings of the Fourth Annual Information Security South Africa Conference (ISSA2004)},
address={Midrand, South Africa},
month=jun,
year={2004},
note={Work in progress paper, published electronically} )