LogAnalysis
[logs] Log Policy Jan 31 2008 01:26AM
Greg Vickers (g vickers qut edu au) (3 replies)
RE: [logs] Log Policy Feb 01 2008 04:58PM
Fenwick, Wynn (wynn fenwick cgi com)
Re: [logs] Log Policy Feb 01 2008 04:11AM
Mordechai T. Abzug (morty frakir org) (1 replies)
[logs] Looking at windows logs May 29 2008 12:42PM
James B Horwath (Jim_Horwath glic com) (4 replies)
RE: [logs] Looking at windows logs May 29 2008 08:40PM
Rainer Gerhards (rgerhards hq adiscon com)
Re: [logs] Looking at windows logs May 29 2008 07:16PM
Harlan Carvey (keydet89 yahoo com)
RE: [logs] Looking at windows logs May 29 2008 06:49PM
Pauls, Nicole (npauls trigeo com)
RE: [logs] Looking at windows logs May 29 2008 06:30PM
Grimes, Jason (jg48 txstate edu)
Re: [logs] Log Policy Feb 01 2008 12:18AM
Anton Chuvakin (anton chuvakin org) (2 replies)
Re: [logs] Log Policy Feb 01 2008 03:06AM
ron dilley (ron dilley gmail com)
List,

I'll get this going:

"b. Network Access

All perimeter devices must have or enforce the following:
* Audit trails of all configuration writes, modifications and deletes
* Audit logs must be forwarded to a company owned and controlled central
logging system
* Audit logs must be retained for 2 years
* Log and alert all known attempted exploits of the device
* Log and alert all unauthorized access or login attempts

Perimeter devices that control access between/among networks of varying
levels of threat or sensitivity must have or enforce the following:

* Log the movement of all traffic
* Logs must be forwarded to a company owned and controlled central
logging system
* Logs must be retained for 2 years"

and

"VII. Audit
A. Information Systems Logs
All information systems must keep accurate logs that provide the ability to
analyze, recreate or synchronize events that have taken place. Logs must be
forwarded to the enterprise-logging infrastructure."

Ron

On Jan 31, 2008 4:18 PM, Anton Chuvakin <anton (at) chuvakin (dot) org> wrote:

> > If you know of a good resource, or tips on writing such a policy, please
> > let me know :)
>
> Actually, let's create this resource right here on the list out of
> responses (mine is coming later)
>
> This would be extremely useful for many people.
>
> --
> Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
> http://www.chuvakin.org
> http://chuvakin.blogspot.com
> http://www.info-secure.org
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org [email concealed]
> http://www.loganalysis.org/mailman/listinfo/loganalysis
>

Re: [logs] Log Policy Feb 01 2008 03:04AM
Greg Vickers (g vickers qut edu au)


 

Copyright 2010, SecurityFocus