Snort mailing list archives

Snort Database-Plugin: Deletion of Logs


From: Olaf Gellert <og () pre-secure de>
Date: Thu, 01 Aug 2002 16:55:40 +0200

Hi,

just a little question: If I use the database plugin
for some sensors to log into one central database, what
about the security issues?

Ok, I can use STunnel or so to encrypt the log messages
on their way to the database. If one of my Snort-Sensors
gets hacked, is it possible for the hacker to delete
the previously logged messages? Or are the logs written
in some kind of append-only mode?

If it is possible to delete the logs from one hacked
sensor, can only the messages from this sensor or
even the logs from the other sensors be deleted?

Regards... Olaf


--
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Consultant,                              Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og () pre-secure de

      Check on European Security Incident Response Teams
                                 http://www.ti.terena.nl




