SRS (Secure Remote Streaming)
by Matt Conover and Mark Zielinski
Platforms: BSDI, Linux, Solaris
Categories: Applications, Auditing, Cryptography, File Integrity, General, Log Analysis, Network Utilities, Replacement, Traffic Encryption, Tunneling
Version: 1.0
SRS is a program that streams a copy of a client's logs as specified by the syslog.conf file to a trusted server on a remote site. It provides strong authentication and secure communications between the client and the server through an SSL tunnel. It is intended as a replacement for syslogd. This and syslogd may NOT be running at the same time.

Features include:

- Secure logging. All communications are automatically and transparently encrypted. SSL (Secure Socket Layer) v3.0 is used for the authentication and encryption. A conventional cipher (3DES, RC4, etc.) for encrypting the session. Encryption is started before SRS authentication, and no data is streamed or transmitted in the clear
- No special configuration of syslogd is needed

- Never trusts the network. Minimal trust on the remote side of the connection. Minimal trust on domain name servers. Pure SSL authentication never trusts anything but the private key.

- The client SSL authenticates the server machine in the beginning of every connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks, and the server SSL authenticates the client machine before accepting any commands or requests from the client. On top of this, SRS will send its own challenge cookie - Client and server keys are generated by RepSec, Inc. Each client and server is provided a unique key

Comments Mode:


Privacy Statement
Copyright 2010, SecurityFocus