Title :
SecSyslog: an approach to secure logging based on covert channels
Author :
Forte, Dario V. ; Maruti, Cristiano ; Vetturi, Michele R. ; Zambelli, Michele
Author_Institution :
Incident Response Italy Project, Univ. of Milano, Crema, Italy
Abstract :
Today log traces are widely used to identify and prevent violations of corporate information systems. The most recent logging trend is to manage most level 3 ISO/OSI traffic via pcap-compatible output. But use of syslog is still very widespread, as are the security issues it entails, especially in its 'pure' version. This paper outlines the basic syslog problems as foreseen in the RFCs, examines the 'secure' alternatives to the protocol (and their implementations) and proposes a transmission approach based on covert channels which, applied on the LINUX platform, might answer some of the intrinsic reliability problems which undermine its effectiveness as a digital forensic tool.
Keywords :
Linux; management information systems; protocols; security of data; telecommunication channels; LINUX; SecSyslog; corporate information systems; covert channels; digital forensic tool; level 3 ISO/OSI traffic; log traces; pcap-compatible output; secure logging; Communication channels; Computer hacking; Conferences; Digital forensics; ISO standards; Information security; Linux; Management information systems; Open systems; Protocols; Covert Channel; Forensic; Log Correlation; Log Integrity; Log analysis; Spyware
Conference_Titel :
Systematic Approaches to Digital Forensic Engineering, 2005. First International Workshop on
Print_ISBN :
0-7695-2478-8
DOI :
10.1109/SADFE.2005.21