DocumentCode
3233979
Title
SecSyslog: an approach to secure logging based on covert channels
Author
Forte, Dario V. ; Maruti, Cristiano ; Vetturi, Michele R. ; Zambelli, Michele
Author_Institution
Incident Response Italy Project, Univ. of Milano, Crema, Italy
fYear
2005
fDate
7-9 Nov. 2005
Firstpage
248
Lastpage
263
Abstract
Today log traces are widely used to identify and prevent violations of corporate information systems. The most recent logging trend is to manage most level 3 ISO/OSI traffic via pcap-compatible output. But use of syslog is still very widespread, as are the security issues it entails, especially in its 'pure' version. This paper outlines the basic syslog problems as foreseen in the RFCs, examines the 'secure' alternatives to the protocol (and relative implementations) and proposes a transmission approach based on covert channels which, applied on the LINUX platform, might answer some of the intrinsic reliability problems which undermine its effectiveness as a digital forensic tool.
Keywords
Linux; management information systems; protocols; security of data; telecommunication channels; LINUX; SecSyslog; corporate information systems; covert channels; digital forensic tool; level 3 ISO/OSI traffic; log traces; pcap-compatible output; secure logging; Communication channels; Computer hacking; Conferences; Digital forensics; ISO standards; Information security; Linux; Management information systems; Open systems; Protocols; Covert Channel; Forensic; Log Correlation; Log Integrity; Log analysis; Spyware
fLanguage
English
Publisher
ieee
Conference_Titel
Systematic Approaches to Digital Forensic Engineering, 2005. First International Workshop on
Print_ISBN
0-7695-2478-8
Type
conf
DOI
10.1109/SADFE.2005.21
Filename
1592537