Network Security Hacks [Electronic resources] - text version


Andrew Lockhart

Hacks #54-60


Keeping logs is a very important aspect of maintaining the security of your network, as logs can assist in everything from alerting you to an impending attack to debugging network problems. After an incident has occurred, good logs can help you track down how the attacker got in, fix the security hole, and figure out which machines were affected. In addition, logs can help with tracing the attack back to its source, so you can identify or take legal action against the intruder. In short, log files are worth their weight in gold (just pretend that bits and bytes weigh a lot). As such, they should be given at least as much protection as any other information that's stored on your servers, even the patent schematics for your perpetual motion machine.

This chapter deals mostly with various ways to set up remote logging, whether it be a simple central syslogd that your servers are logging to, setting up your Windows machines to send to a syslogd, or using syslog-ng to collect logs from remote sites through an encrypted TCP connection. Using these methods, you can ensure that your logs are sitting safely on a dedicated server that's running minimal services, to decrease the chance that the logs will be compromised.

Once you have all your logs collected in a central place, what can you do with them? This chapter also covers ways to summarize your logs into reports that are easy to read and understand, so you can quickly spot the most pertinent information. If that's not fast enough for you, you'll also learn how to set up real-time alerts that will notify you as soon as a critical event occurs. In some circumstances, responding immediately to an event, rather than waiting around for it to end up in a report that you read the next morning, can save hours of effort.
