Bugtraq mailing list archives
Re: Write-only devices (Was read only devices)
From: Piete.Brooks () cl cam ac uk (Piete Brooks)
Date: Fri, 21 Jun 1996 22:00:19 +0100
All the chat about mounting / and /usr read-only, with confusion over whether it was to be done in hardware or software, reminds me of a security device which ought to be well known and widely used but is hardly ever implemented.
Enter nit pick mode then :-))
A write-only logger is incredibly useful when performing forensic work after something has gone badly wrong.
I cannot see why being unreadable helps for forensic work. By making it unreadable, you can log "sensitive" material, and the intruder cannot see what is being recorded. However, I would consider Write Once as being the important property.
I do not know of any readily available write-only output device other than printers these days.
My plan is to get a small Linux box, put a MUX card in it, and connect all the consoles to it. I suspect most sites would be able to set up a "sufficiently" secure system to allow it to be network connected, but you could opt not to network connect it. You could change an Exabyte to which the data is written when it's full, or if you want to collect evidence before that, log in to the console, select the required info, and write it to a floppy. Where's the problem ??
Clarification for pedants: by write-only, I mean something which is not readable, by the system performing the writing or, indeed, any other connected system without having to physically remove the device and re-connect it to a reading system. Printer paper can be OCR'ed, but unless the output is fed into an OCR system, it is unreadable.
Agreed.
Further, it must not be possible for anything to be deleted once written,
No -- I disagree -- that's "write once".