Snort mailing list archives
Re: digitally sign event data by sensor
From: "Oliver Bode" <oliver () x509security com>
Date: Fri, 18 Oct 2002 12:20:53 +1000
I am asking because in my environment I will have to be able to prove that a certain event really originated from the sensor that sent it and has not been faked.
Signing is an act that should be performed by people not machines. Getting your machine to automatically sign logs will not prove anything more than what you have now. If I had root access to your machine I could create whatever logs I wanted and could sign them using your machine certificate. This is just smoke and mirrors. This is probably not the best way of proving the sensor has sent the alert and has not been faked.
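Added example, not part of the original message or of Snort: a collector-side check showing what a key stored on the sensor can and cannot establish. It assumes an HMAC key (`SENSOR_KEY`, constructed) as a stand-in for the private key of the machine certificate discussed in the thread; the event fields and function names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed key: stands in for the private key of the sensor's machine
# certificate. Anyone with root on the sensor can read it.
SENSOR_KEY = b"constructed-sensor-key-for-illustration"


def sign_event(event: dict, key: bytes) -> dict:
    """Wrap an event with a MAC computed over its canonical JSON form."""
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify_event(signed: dict, key: bytes) -> bool:
    """Collector-side check: recompute the MAC and compare in constant time."""
    expected = hmac.new(key, signed["payload"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["tag"])


def demo() -> dict:
    # Constructed sample alert produced by the sensor itself.
    genuine = sign_event(
        {"sensor": "ids-01", "sid": 1000001, "src": "192.0.2.10"}, SENSOR_KEY
    )

    # Case 1: payload altered in transit by a party without the key.
    tampered = dict(
        genuine, payload=genuine["payload"].replace("192.0.2.10", "192.0.2.99")
    )

    # Case 2: event fabricated on the sensor by a party who can read the key.
    forged = sign_event(
        {"sensor": "ids-01", "sid": 1000002, "src": "198.51.100.7"}, SENSOR_KEY
    )

    return {
        "genuine": verify_event(genuine, SENSOR_KEY),
        "tampered_in_transit": verify_event(tampered, SENSOR_KEY),
        "forged_on_sensor": verify_event(forged, SENSOR_KEY),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The collector rejects the event altered in transit but accepts the one fabricated with the sensor's own key, so the check binds an event to the key, not to an uncompromised sensor.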