Security Basics mailing list archives

Re: EU approves data retention rules


From: Alessandro Bottonelli <a.bottonelli () axis-net it>
Date: Tue, 20 Dec 2005 21:43:08 +0100

On Tuesday 20 December 2005 13:17, Alvin Oga wrote:

> logs should be time stamped and gpg signed to minimize tampering
>
> worse still, what if the admins turn off all logging on the
> machines so there are zero-ized log files ... silly admins forgot to
> check that syslogd is running or other that /var/log exists
>
> /var/log typically gets moved to a remote loghost .. that may or
> may not be writable by that host

Whether logs are legal evidence or have any meaning in a court of 
justice, or even in a less formal environment like an HR office, that's 
a very different kind of story. EU directives and Member States' laws 
ask us to retain them for a certain period of time. Period. How to 
use them for what purpose is somebody else's issue.

To us techies it is very clear that logs are just.... logs. Text files 
with lines of rubbish one after the other that maybe are genuine, 
maybe are not, and that can easily be tampered with using a simple text 
editor. Depending on who you are dealing with, logs may be the 
source of truth, nothing at all, or anything in between....

-- 
Alessandro Bottonelli
CISSP, BS7799 LA
http://www.axis-net.it
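
The tamper-evidence idea raised in the quoted text (time-stamped, signed logs), as an added Python example that is not code from either poster. It swaps GPG signatures for an HMAC chain so it runs without a keyring; the names `seal`, `verify`, `KEY`, the anchor stored on a remote loghost, and the sample lines are all assumptions made for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32
KEY = b"constructed-demo-key"  # assumption: the real key lives off the logged host

def _tag(key, prev, line):
    # Each tag covers the line and the previous tag, so order matters.
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()

def seal(lines, key=KEY):
    """Chain each line to the previous tag; return (records, anchor)."""
    records, prev = [], GENESIS
    for line in lines:
        prev = _tag(key, prev, line)
        records.append((line, prev.hex()))
    return records, prev.hex()

def verify(records, anchor, key=KEY):
    """Return None if intact, else the index of the first bad or missing record."""
    prev = GENESIS
    for i, (line, tag_hex) in enumerate(records):
        prev = _tag(key, prev, line)
        if not hmac.compare_digest(prev.hex(), tag_hex):
            return i
    # A truncated or emptied file is still a valid prefix, so the final
    # tag must match the anchor kept on the remote loghost.
    if not hmac.compare_digest(prev.hex(), anchor):
        return len(records)
    return None

# Constructed sample lines, not taken from any real system.
SAMPLE = [
    "2005-12-20T13:17:01Z host1 sshd[411]: Accepted publickey for alice",
    "2005-12-20T13:18:44Z host1 sudo: alice : COMMAND=/sbin/service syslog stop",
    "2005-12-20T13:19:02Z host1 sshd[411]: session closed for alice",
]

if __name__ == "__main__":
    records, anchor = seal(SAMPLE)
    print("intact:", verify(records, anchor))
    edited = list(records)
    edited[1] = (edited[1][0].replace("stop", "status"), edited[1][1])
    print("edited line:", verify(edited, anchor))
    print("deleted line:", verify(records[:1] + records[2:], anchor))
    print("truncated:", verify(records[:2], anchor))
    print("zeroed file:", verify([], anchor))
```

The chain only shows that the file changed after sealing; it says nothing about whether the lines were genuine when they were written.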
