Firewall Wizards mailing list archives
Re: "Dropsafe" logs
From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Thu, 8 Apr 1999 16:15:08 -0400 (EDT)
We are seeking a means to implement real-time write-once "dropsafe" logs of our firewall bastion in case of a system failure or a hacker trying to cover their tracks. Unfortunately, unless there's an alternative I'm not aware of, a CD-R requires a complete disk image in ISO 9660 format to be burned into the writeable disk all at once, which means we either have to wait until we have nearly 640 MB of logfiles to write or waste an awful lot of writeable disk space. We have no operational experience with MO drives here, nor would we want to risk those models where write-once settings can be turned off in software.
...
What are others doing to maintain real-time write-once copies of firewall logs? Is there write-once media to which data can be written in realtime (i.e. like a real filesystem)?
Several years ago, an organization that was very concerned with its security and logs had us hook up a Kodak magnet-optical write-once disk jukebox to an SGI system via SCSI bus for archiving of various logged data. ISTM that it was truly write-once, and also that the device mounted just like a regular Unix file system, except that the software in the device knew, when a file was deleted or renamed or otherwise changed, to mark invalid the blocks that had been used and use the next free set of blocks. I'm afraid that I don't know who owns that part of Kodak now. -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-A/B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
Current thread:
- "Dropsafe" logs Scott Crawford (Apr 08)
- Re: "Dropsafe" logs Roelof JT Jonkman (Apr 08)
- Re: "Dropsafe" logs Jim Laverty (Apr 10)
- Re: "Dropsafe" logs Joseph S D Yao (Apr 10)
- <Possible follow-ups>
- Re: "Dropsafe" logs Steven M. Bellovin (Apr 08)
- RE: "Dropsafe" logs Frank W. Keeney (Apr 10)
- Re: "Dropsafe" logs Bret McDanel (Apr 10)
- Re: "Dropsafe" logs Bret McDanel (Apr 10)
- RE: "Dropsafe" logs Russ (Apr 10)
- Re: "Dropsafe" logs Robert Graham (Apr 10)
- Re: "Dropsafe" logs Steven M. Bellovin (Apr 10)
- Re: "Dropsafe" logs Info Security Office - ITS - Yale Univ. (Apr 10)