PaulDotCom mailing list archives

Critical Log Review Checklist


From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Tue, 9 Mar 2010 23:23:30 -0500

Thanks for the information.  This is really useful.  I do have a question
about "#2: Copy log records to a single location where you will be able to
review them."  Is it best to collate all logs to one central location in the
organization, or to segment them per router segment?  For example, all logs
produced by devices in the DMZ would write to a dedicated log server in the
DMZ.  My concern is with allowing devices on outside segments to write to a
machine inside your main organization.  I know the risks are probably
minimal if that is all you are allowing through (e.g., allow machine X.X.X.X
in the DMZ to write to port 514 of machine X.X.X.X in the main segment), but
I am a bit paranoid!

Thanks, 


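One common way to reconcile the two options raised in the question above (a central review point versus not letting DMZ hosts talk directly to an internal machine) is a two-tier design: DMZ devices send to a relay that lives in the DMZ, and only that relay is allowed through the firewall to the internal collector, over TLS on 6514/tcp rather than plaintext 514. The configuration below is an added example written for this archive page, not something posted in the thread or taken from the linked checklist. It uses rsyslog RainerScript syntax; the addresses 192.0.2.10 (relay), 10.0.0.5 (collector), the certificate file paths and the host names in the certificates are all assumed placeholders.

```rsyslog
##############################################################
# DMZ RELAY (assumed address 192.0.2.10) -- /etc/rsyslog.conf
##############################################################

# Accept logs from DMZ devices on the classic syslog ports.
# UDP 514 is unauthenticated and trivially spoofable inside the
# DMZ; it is kept only because many appliances speak nothing else.
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# TLS identity of the relay (paths are assumed placeholders).
global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
       DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/relay-cert.pem"
       DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/relay-key.pem")

# Forward everything to the internal collector over TLS.
# x509/name mode makes the relay verify that the collector's
# certificate carries the expected name, so a rogue host inside
# the firewall rule's destination cannot impersonate the collector.
# The disk-assisted queue keeps events on the relay if the link or
# the collector is down, instead of silently dropping them.
action(type="omfwd"
       target="10.0.0.5" port="6514" protocol="tcp"
       StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name"
       StreamDriverPermittedPeers="collector.corp.example"
       queue.type="LinkedList"
       queue.filename="dmz-relay-fwd"
       queue.maxDiskSpace="1g"
       queue.saveOnShutdown="on"
       action.resumeRetryCount="-1")

##############################################################
# INTERNAL COLLECTOR (assumed address 10.0.0.5) -- /etc/rsyslog.conf
##############################################################

global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
       DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/collector-cert.pem"
       DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/collector-key.pem")

# Listen only for TLS, and only accept a client certificate whose
# name matches the DMZ relay. Anything else in the DMZ that reaches
# this port is rejected at the TLS handshake, before any log data
# is parsed.
module(load="imtcp"
       StreamDriver.Name="gtls"
       StreamDriver.Mode="1"
       StreamDriver.AuthMode="x509/name"
       PermittedPeer=["relay.dmz.example"])
input(type="imtcp" port="6514")

# Keep DMZ-sourced logs in their own file so reviewers can tell
# which trust zone an event came from.
if $fromhost-ip == "192.0.2.10" then {
    action(type="omfile" file="/var/log/remote/dmz.log")
    stop
}
```

With this layout the only firewall rule needed between the DMZ and the internal network is "192.0.2.10 to 10.0.0.5, tcp/6514", and the collector still refuses the connection unless the peer presents a certificate issued by the expected CA with the relay's name in it. The relay also gives you a place to buffer and rate-limit before anything crosses into the main segment, which is what makes the DMZ-to-internal hop easier to accept than letting every DMZ host write to an internal machine on plaintext 514.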
-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Tim Mugherini
Sent: Tuesday, March 09, 2010 1:25 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Critical Log Review Checklist

Thank you to Lenny Zeltser.

On 3/9/10, Robert Miller <arch3angel at gmail.com> wrote:
Here is a site that Bug_Bear linked to on Twitter and I thought others 
may find it useful as well! - Thanks Bug_Bear

http://zeltser.com/log-management/security-incident-log-review-checklist.html

- Robert
(arch3angel)
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


--
Sent from my mobile device