Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: digitally sign event data by sensor

From: "Oliver Bode" <oliver () x509security com>
Date: Fri, 18 Oct 2002 12:20:53 +1000
I am asking because in my environment I will have to be able to prove that

a

certain event really originated from the sensor that sent it and has not
been faked.


Signing is an act that should be performed by people not machines. Getting
your machine to automatically sign logs will not prove anything more than
what you have now.

If I had root access to your machine I could create whatever logs I wanted
and could sign them using your machine certificate. This is just smoke and
mirrors.

This is probably not the best way of proving the sensor has sent the alert
and has not been faked.




-------------------------------------------------------
This sf.net email is sponsored by: viaVerio will pay you up to
$1,000 for every account that you consolidate with us.
http://ad.doubleclick.net/clk;4749864;7604308;v?
http://www.viaverio.com/consolidator/osdn.cfm
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: