The IETF BOF on security issues in network event logging (syslog) has been
approved and will be scheduled for the November IETF meeting.  I'll forward
more details when they become available.

Also note that an email list has been set up for discussion of the subject,
at
[EMAIL PROTECTED]  There is also a digest (weekly summary) list
available at [EMAIL PROTECTED]  To subscribe to either send an
email message to [EMAIL PROTECTED], with the single line
      subscribe syslog-sec
or
      subscribe syslog-sec-digest
Please subscribe to this list if you are planning to attend the BOF --
thanks!


Alex Brown <[EMAIL PROTECTED]> +1 508 323 2283


---------------------- Forwarded by Alex Brown/US/3Com on 10/01/99 11:25 AM
---------------------------


Jeffrey Schiller <[EMAIL PROTECTED]> on 10/01/99 10:26:27 AM

Sent by:  Jeffrey Schiller <[EMAIL PROTECTED]>


To:   [EMAIL PROTECTED]
cc:   [EMAIL PROTECTED] (Alex Brown/US/3Com)
Subject:  Fwd: Re: BOF request: Security issues in network event logging
       (syslog)




This BOF request meets with my approval. Please schedule it. Thanks.
                     -Jeff
 >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 9/29/99, 9:24:14 PM, [EMAIL PROTECTED] wrote regarding Re: BOF
request: Security issues in network event logging (syslog):

 > Hello -
 > This BOF request can be scheduled with your approval.  Could you please
 > respond to this request from Marcia Beaulieu <[EMAIL PROTECTED]>?
 > Thank you.
 > Alex Brown <[EMAIL PROTECTED]> +1 508 323 2283

 > ---------------------- Forwarded by Alex Brown/US/3Com on 09/29/99 05:19 PM
 > ---------------------------

 > Marcia Beaulieu <[EMAIL PROTECTED]> on 09/29/99 04:41:31 PM
 > Sent by:  Marcia Beaulieu <[EMAIL PROTECTED]>

 > To:   Alex Brown <abrown@3com-ne.com>
 > cc:    (Alex Brown/US/3Com)
 > Subject:  Re: BOF request: Security issues in network event logging
 >       (syslog)



 > Alex,
 > As long as I get an okay from Jeff, I can schedule this.  I do not see
 > an okay from him, but I may be overlooking it.  If you have the okay
 > from Jeff, please forward to me and I will schedule this.
 > Marcia
 > At 01:52 PM 9/27/99 -0400, you wrote:
 > >Hello -
 > >Could you please give me some confirmation that this request was
 > >received
 > >and is being considered?
 > >Thank you.
 > >
 > >--
 > >Alex Brown  v 4 323 2283
 > >Consulting engineer - MSD software development
 > >Marlborough MA USA
 > >
 > >> Hello -
 > >> Could you please give me some confirmation that this request was received
 > >> and is being considered?
 > >> Thank you.
 > >>
 > >>
 > >> ---------------------- Forwarded by Alex Brown/US/3Com on 09/22/99 11:16 AM
 > >> ---------------------------
 > >> From: Alex Brown/US/3Com on 09/15/99 02:03 PM
 > >> Sent by:  Alex Brown  -  Consulting engineer, MSD software development
 > >>       +1 508 323 2283
 > >>
 > >> To:   [EMAIL PROTECTED]
 > >> cc:   "Jeffrey Schiller"
 > >> Subject:  BOF request: Security issues in network event logging (syslog)
 > >> Hello -
 > >> I'm responsible for design of security features in the 3Com Corebuilder
 > >> switch product family, and chair of a company-wide committee recommending
 > >> minimum security features for all 3Com network devices.  We are
 > >> strengthening network manager authentication and authorization mechanisms,
 > >> and are interested in providing optional notifications of authentication
 > >> failures and other security-related events with UNIX network syslog as well
 > >> as SNMP traps.  Many security vulnerabilities of UNIX syslog have been
 > >> pointed out in recent years, but we believe an authentication event notice
 > >> to syslog is still valuable.  We would like to find others interested in
 > >> correcting some of the security vulnerabilities of syslog for this kind of
 > >> use -- in embedded systems used in a UNIX network environment, with limited
 > >> computational resources and strong exportability requirements.  I would
 > >> like to schedule and announce a BOF meeting for the November IETF meeting
 > >> in Washington:
 > >>
 > >> "Birds of a Feather" (BOF):  Security issues in network event logging
 > >> (syslog)
 > >>
 > >> Agenda:
 > >>      UNIX syslog as de facto network event logging standard
 > >>      UNIX syslog origin as BSD local system event logging mechanism
 > >>      Extension to network logging by assignment of UDP port 514
 > >>      Lack of recorded standard style documentation of syslog
 > >>      History of security defects in design and implementation
 > >>      Security analysis:  local vs network threat model; low, medium, high
 > >>      risk environments
 > >>      Proposals
 > >>           Schneier (http://www.counterpane.com/secure-logs.html)
 > >>           Reed and Assange (http://cheops.anu.edu.au/~avalon/nsyslog.html)
 > >>           Torre (http://www.core-sdi.com/ssyslog)
 > >>           3Com:  simple filtering and authentication methods
 > >>           Others?
 > >>      Needed work
 > >>           Syslog description RFC (finally)
 > >>           Security recommendations for existing syslog
 > >>           Secure replacement for syslog
 > >>      Discuss IETF approach:  New WG?  Activity within existing WG?
 > >>      BOF outcome:
 > >>           WG formation?
 > >>           BOF records published?
 > >>
 > >> I think two hours of discussion should suffice.  In the event that a WG is
 > >> formed, a possible charter might be as follows:
 > >>
 > >> POSSIBLE BOF/WORKING GROUP CHARTER
 > >>        Security issues in network event logging (syslog)
 > >>         Charter - Resolve syslog security issues as described
 > >>         Chair(s):  TBD, I am willing to serve
 > >>         Security Area Directors:
 > >>        Jeffrey Schiller
 > >>        Marcus Leech
 > >>         Mailing lists:  TBD
 > >>        Description of Working Group:
 > >>      Syslog is a de facto standard for network logging of system and network
 > >>      events, but it has never been treated as such by IETF.  This WG would
 > >>      briefly describe existing BSD syslog in an informational RFC and
 > >>      proceed to recommend several levels of security mechanisms that could
 > >>      be applied to syslog daemon and client operation to meet various kinds
 > >>      and levels of threat.  The WG would also discuss replacement of syslog
 > >>      with network logging systems that are (a) designed, and (b) designed
 > >>      to meet specific security threats with cryptographically strong
 > >>      protocols.
 > >>        Goals and Milestones:  TBD
 > >>
 > >> Alex Brown  +1 508 323 2283
 > >>
 > >>
 > >> Sent by:  Jeffrey Schiller
 > >>
 > >> To:   Alex Brown/US/3Com
 > >> cc:   "Jeffrey I. Schiller" , [EMAIL PROTECTED], Dan
 > >>       Nessett/HQ/3Com, [EMAIL PROTECTED], [EMAIL PROTECTED]
 > >> Subject:  Re: IETF work on Secure Syslog
 > >>
 > >>
 > >>
 > >> You should check the documentation on the http://www.ietf.org website.
 > >> Basically you need to come up with an agenda and send a request for a
 > >> BOF slot to [EMAIL PROTECTED] (cc me on the request, as I have to
 > >> approve it).
 > >>                     -Jeff
 > >> >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
 > >> On 9/14/99, 7:56:33 PM, [EMAIL PROTECTED] wrote regarding Re:
 > >> IETF work on Secure Syslog:
 > >> > Hello -
 > >> > Thanks for your interest in an IETF BOF on security issues in syslog.
 > >> > I've made some preliminary inquiries and have some positive replies
 > >> > indicating interest (below).  What more is involved in preparation for
 > >> > scheduling and announcing a BOF on the subject?
 > >> > Thanks,
 > >> > Alex Brown  +1 508 323 2283
 > >> > ...
 > >>
 > >>
 > >>
 > >>
 > >>
 > >





