Snort mailing list archives
Snort Databse-Plugin: Deletion of Logs
From: Olaf Gellert <og () pre-secure de>
Date: Thu, 01 Aug 2002 16:55:40 +0200
Hi, just a little question: If I use the database plugin for some sonsors to log into one central database, what about the security issues. Ok, I can use STunnel or so to encrypt the log messages on their way to the database. If one of my Snort-Sensors get's hacked, is it possible for the hacker to delete the previously logged messages? Or are the logs written in some kind of append-only mode? If it is possible to delete the logs from one hacked sensor, can only the messages from this sensor or even the logs from the other sensors be deleted? Regards... Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE og () pre-secure de Check on European Security Incident Response Teams http://www.ti.terena.nl ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Databse-Plugin: Deletion of Logs Olaf Gellert (Aug 01)
- <Possible follow-ups>
- RE: Snort Databse-Plugin: Deletion of Logs Chris Eidem (Aug 01)