SANS Log Management Summit

Richard Bejtlich (TaoSecurity) wrote an excellent and extensive overview of the recent SANS Log Management Summit 2006. He mentions that Chris Brenton and Mike Poor unveiled the SANS Top 5 Essential Log Reports. I had not known about this report before. The list is:

  1. Attempts to Gain Access through Existing Accounts
  2. Failed File or Resource Access Attempts
  3. Unauthorized Changes to Users, Groups and Services
  4. Systems Most Vulnerable to Attack
  5. Suspicious or Unauthorized Network Traffic Patterns

Richard provides some detail on a talk by lawyer Ben Wright about log management and legal issues. Ben provided three suggestions regarding log management.

  1. Policy should stress preferences, not statements saying “We will do X.”
  2. Keep records of the fact you reviewed logs.
  3. Only a company’s full audit committee should know about all monitoring methods — neither employees nor the CEO should know what is watched or stored.

A version of this talk was presented as a SANS Ask The Expert webcast, “The Law of IT System Logs”.

Steve Mullen has been involved in information technology for over 35 years. He is also actively involved in the music program (voice and English hand bells) and Vestry of St. Anne’s Episcopal Church in Damascus, MD.

Posted in Blog, IT Management, Log Management, Security

July 2006