Re: EU approves data retention rules

[Alvin Oga <alvin.sec () Virtual Linux-Consulting com>]

hi ya alessandro
> On Wednesday 14 December 2005 17:46, Saqib Ali wrote:
> > http://news.bbc.co.uk/2/hi/europe/4527840.stm
> >
> > The EU have ratified rules that will force ISP's and other
> > telecommunication companies to retain data for two years.
> To whom it may concern.
>
> Since this summer, Italian legislation requires carriers and ISPs to 
> retain traffic LOGs at least for four years, therefore anticipating 
> and exceeding EU rules.
>
> On the practical side, especially smaller ISPs are moaning about 
> investments required to comply (while storage vendors are quite 
> happy...).

i like it ... i think logs are good, if they are recorded and saved properly
 
logs are bad ... it takes up disk space and can trvially modified
to make it look like its in their favor instead the other side

- we have logs going back to the first day the machine or site went online
  which in some cases is over 5yrs, when we decided to save log files

logs should be time stamped and gpg signed to minimize tampering

worst still, what if they admins turn off all logging on the machines
so there is zero-ized log files ... silly admins forgot to check that
syslogd is running or other that /var/log exists

/var/log typically get moved to a remote loghost .. that may or
may not be writable by that host

c ya
alvin

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfoc_ml
----------------------------------------------------------------------------