---Reply on mail from Crumrine, Gary L about Does Ruling Give Hackers Free Rein?
> Kind of makes a case for an IDS that is capable of logging when, who, and
> where they went and what they did, what was accessed, downloaded etc...
>
Yes and no.. Logging never hurt anyone ('cept the person buying
tapes/disks :) but if you log all this information and it goes back to a
dialup and the ISP doesn't have any information on which account was on at
that time, then all those logs don't do much.. Also, according to the
federal evidence guidelines computer logs are hearsay and not admissible
unless they meet certain criteria, the biggest being:

  - Must be business records; in order for this classification, they have
    to be used in the daily course of business, and cannot be generated to
    catch someone specific (odd, but hey)
  - Have to be shown to be reliable (if they reside on a compromised system
    then you can't really rely on them; printing and signing them may be
    useful). This is also a good reason to block syslog at the router. If
    the logs have bad entries from someone spoofing UDP packets to
    syslogd, then you may not be able to use any of them.
  - A judge ultimately has the say if they are admissible, so you have to
    be nice and hope that he is in a good mood :)

Even with all that, if you have logs that someone used IP a.b.c.d to break
in, and there are no logs anywhere else of who was using that IP at the
time in question, or if the information used to set up the account was
false, or if the person that owns the acct doesn't have anything on their
home system that could show a break-in, then it doesn't much matter because
the trail will stop cold..
--
Bret McDanel http://www.rehost.com
Realistic Technologies, Inc. 973-514-1144
These opinions are mine, and may not be the same as my employer
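
Added example, not part of the original message: one way to make the "signing" point above concrete is to chain a keyed hash (HMAC-SHA256) over each log line, so that later edits, deletions or truncation are detectable. The key, the sample log lines and the function names are constructed for illustration, and the sketch assumes the key and the final tag are kept off the logging host; it does not detect spoofed entries that syslogd accepted at write time.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain

# Constructed sample log lines (documentation-range addresses, not real data).
SAMPLE_LINES = [
    "Mar  3 02:14:07 gw sshd[811]: Connection from 192.0.2.10 port 40112",
    "Mar  3 02:14:09 gw sshd[811]: Accepted password for ops from 192.0.2.10",
    "Mar  3 02:15:41 gw ftpd[902]: RETR /export/payroll.db by ops",
]


def seal(lines, key):
    """Tag every line with an HMAC over (previous tag + line).

    Returns (records, head): records is a list of (line, hex tag) pairs and
    head is the final tag, the value to store or print away from the host.
    """
    prev = GENESIS
    records = []
    for line in lines:
        prev = hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()
        records.append((line, prev.hex()))
    return records, prev.hex()


def verify(records, key, head):
    """Return None if the chain is intact, else the index where it breaks.

    An index equal to len(records) means every remaining record is valid but
    the log no longer ends at the sealed head (records were cut off the end).
    """
    prev = GENESIS
    for i, (line, tag) in enumerate(records):
        prev = hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()
        if not hmac.compare_digest(prev.hex(), tag):
            return i  # edited, inserted or reordered record
    if not hmac.compare_digest(prev.hex(), head):
        return len(records)  # truncated log
    return None


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # assumption: real key lives off-host
    recs, head_tag = seal(SAMPLE_LINES, demo_key)
    print("intact:", verify(recs, demo_key, head_tag))
    recs[1] = (recs[1][0].replace("192.0.2.10", "198.51.100.7"), recs[1][1])
    print("first bad record:", verify(recs, demo_key, head_tag))
```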