Educause Security Discussion mailing list archives
Logging and Auditing of Key System Changes
From: Mark Rogowski <m.rogowski () UWINNIPEG CA>
Date: Fri, 22 May 2009 09:23:58 -0500
Folks,

I am seeking insight from those of you who have assisted in establishing the process of centralized logging of Administrative-based events that occur on key systems (routers, firewalls, servers, etc.). The scope of the events I refer to is fairly high level, meaning the recording of major configuration changes made to a system or service.

I would be most interested in knowing:

a.) Are these event logs viewed/managed by the Administrators of the system(s) themselves or are they segregated from the daily logs the Administrators usually work with?

b.) If the Administrators have full access to these log entries, have you ever had conversations with management where this has been brought up as a potential security issue? Did management accept the risk of having a possible insider threat? What steps were taken to minimize said risk?

c.) If said log entries are segregated from the Admins, who usually accesses them? How long are they retained for?

I appreciate any and all feedback on this.

Thanks,

Mark Rogowski CISSP, CISM
IT Security
Technology Solutions Centre
University of Winnipeg
Ph: (204) 786-9034