On Sat, 29 Jun 2002, Richard Amerman wrote:

> All logging should ideally be done off site using a syslog daemon.

Agreed.

> The most important thing is not to have a breach and second to fix
> weaknesses. In this situation flushing the memory IS the best
> solution to ensure this, though it is not the only one, and would
> rarely be that practical or worth the hassle.

Absolutely disagree. Rebooting is a waste of time. If there is a way in,
rebooting does nothing to prevent repetition. If there is not, rebooting
serves no purpose. If you are faced with a break-in in-progress, you need
to disable external network access until the problem is rectified... not
reboot.

> Nothing is lost other
> than evidence, but it is more important to stop the crime rather than
> catch someone after the damage is done and with the logs safe you
> should have the most important information available.

Mostly true. I don't know that what was logged will provide enough clues
as to the method of entry to close the hole, so I want the memory intact
if possible just in case.

>
> Richard Amerman
>
> -----Original Message-----
> From: Jeff Newmiller [mailto:[EMAIL PROTECTED]]
> Sent: Sat 6/29/2002 7:28 PM
> To: Richard Amerman
> Cc: [EMAIL PROTECTED]
> Subject: RE: Software write-protect (Was: Re: [leaf-user] Floppies)
>
> On Sat, 29 Jun 2002, Richard Amerman wrote:
>
> > It seems to me that regardless of what you do to write-protect the
> > medium, you have to flush (restart) the system regularly to be the
> > most secure. This would ideally have to be done by some method that is
> > both independent of the LEAF firewall itself and the systems it is
> > protecting as these methods could be compromised. If you had a simple
> > hardware timer that recycled the power on the machine every night or
> > on some schedule that makes sense this would work.
>
> I disagree. Flushing RAM flushes evidence of disturbances, and does
> nothing to find or eliminate latent weaknesses.

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<[EMAIL PROTECTED]>               Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
