Re: Auditing File Changes

On Mon, 10 Jul 2006 14:56:47 CDT, LC Bruzenak said:

> Security guy: Please deliver system with maximum security.

At this point, we already know the request is a crock.  Even fascist
military-style security recognizes that there exist tradeoffs (which is
why "Secret" and "Top Secret" have different requirements to prevent
disclosure, and so on).

> System guy (me): What do you need to know?
> Security guy: Any and all changes to security-relevant files.

You missed the obvious questions here:

Do you need the exact change, or is the fact that an unauthorized change
happened sufficient (you can always just get the older version off backups
and diff them)?

Do you need to know about unexplained failed attempts as well?

> System guy: Which ones are those?
> Security guy: All of 'em.

*all* files are security relevant?  Yowza. :)

There's not much that the audit code can do to support an unrealistic
design.  There may not be much it can do to support a *realistic* one that
has certain requirements - but at least at that point we can point you
at other tools to address the issues...
