Snort mailing list archives
RE: Snort Databse-Plugin: Deletion of Logs
From: "Chris Eidem" <ceidem () Dexma com>
Date: Thu, 1 Aug 2002 10:57:43 -0500
that all depends on the security that you have set up on your database. set it up so that the snort user has no ability to delete or change data or tables, and you're fine - chris
-----Original Message----- From: Olaf Gellert [mailto:og () pre-secure de] Sent: Thursday, August 01, 2002 9:56 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort Databse-Plugin: Deletion of Logs Hi, just a little question: If I use the database plugin for some sonsors to log into one central database, what about the security issues. Ok, I can use STunnel or so to encrypt the log messages on their way to the database. If one of my Snort-Sensors get's hacked, is it possible for the hacker to delete the previously logged messages? Or are the logs written in some kind of append-only mode? If it is possible to delete the logs from one hacked sensor, can only the messages from this sensor or even the logs from the other sensors be deleted? Regards... Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE og () pre-secure de Check on European Security Incident Response Teams http://www.ti.terena.nl ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Databse-Plugin: Deletion of Logs Olaf Gellert (Aug 01)
- <Possible follow-ups>
- RE: Snort Databse-Plugin: Deletion of Logs Chris Eidem (Aug 01)