Firewall Wizards mailing list archives
Re: "Dropsafe" logs
From: "Steven M. Bellovin" <smb () research att com>
Date: Fri, 09 Apr 1999 15:07:08 -0400
In message <199904081905.PAA21893 () rehost com>, Bret McDanel writes:
---Reply on mail from Steven M. Bellovin about "Dropsafe" logsIn message <199904081003.KAA12670 () idc057 IDC CTBTO ORG>, Scott Crawford writes:
We are seeking a means to implement real-time write-once "dropsafe" logs of our firewall bastion in case of a system failure or a hacker trying to cover their tracks. Unfortunately, unless there's an alternative I'm not aware of, aCD-R requires a complete disk image in ISO 9660 format to be burned into the writeable disk all at once, which means we either have to wait until we havenearly 640 MB of logfiles to write or waste an awful lot of writeable diskspace.You may need to redefine "waste". 30 seconds looking at the Web shows a 3.2G IDE drive for ~$100, and 9G UltraSCSI for $400.Thought he said 'waste' in reference to CD roms.. Using a CD-R to record logs - as he indicated - requires that you build a filesystem image then burn that image. He also said that he wants 'write-once "dropsafe" logs' which implies that you cant use a HD in that example as they are rewritable (unless there is a mechanical switch on them that conects a jumper and lets you toggle read/write however that isnt as automated as some desire).
There's certainly some ambiguity in the original request, and your reading may be closer to the intent than mine was. I'll defend myself by noting that the rest of my response suggested a $500 Linux box. The medium itself isn't write-once, but the service is.
Current thread:
- "Dropsafe" logs Scott Crawford (Apr 08)
- Re: "Dropsafe" logs Roelof JT Jonkman (Apr 08)
- Re: "Dropsafe" logs Jim Laverty (Apr 10)
- Re: "Dropsafe" logs Joseph S D Yao (Apr 10)
- <Possible follow-ups>
- Re: "Dropsafe" logs Steven M. Bellovin (Apr 08)
- RE: "Dropsafe" logs Frank W. Keeney (Apr 10)
- Re: "Dropsafe" logs Bret McDanel (Apr 10)
- Re: "Dropsafe" logs Bret McDanel (Apr 10)
- RE: "Dropsafe" logs Russ (Apr 10)
- Re: "Dropsafe" logs Robert Graham (Apr 10)
- Re: "Dropsafe" logs Steven M. Bellovin (Apr 10)
- Re: "Dropsafe" logs Info Security Office - ITS - Yale Univ. (Apr 10)