Sorry to let this slide;  we do need to plan.

(1)  I've offered to chair the BOF and produce minutes etc. for the IETF
but if there is strong interest from others we can discuss this.  At any
rate we should agree together on agenda on this list.

(2)  My preferred agenda would include:

      (a)  Background of UNIX syslog "protocol" -- need for informational RFC simply recording existing practice?
      (b)  History of network syslog security problems
      (c)  Threat scenarios
      (d)  Current replacement solution proposals
      (e)  Approaches to improved security with existing syslogd implementations
      (f)  Recommendations - decision on BOF outcome

I'm most concerned that we be clear about the goals of each of the various
solutions, because they seem to be aimed at different problems.

(3)   Darren wrote:

"To get things going, is it worth
my while (and others who have done similar work to nsyslogd) to present
a 5-10 minute presentation about what they've done, design, etc ?"

Yes - probably more than 5-10 minutes will be needed.  I think it's worth
reviewing Bruce Schneier's paper before doing so, however;   I have not
heard from Schneier since he answered "maybe" to my mail asking for
interest.  Would you be ready to handle this if he's not there?

(4)   Participation --  the current membership of [EMAIL PROTECTED] is:

[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

so we do not come even close to covering the interested parties.   I will
repeat the invitation to the longer list I initially contacted.  If there
is anyone else who should be informed please do so.  I'm most concerned
about having had no communication with the author of "ssyslog" (see below),
Lucio Torre <[EMAIL PROTECTED]>, from Buenos Aires.  All of his
various email addresses have bounced.  Has anyone had contact with him?



Alex Brown

-----------------------



ANNOUNCE: Secure Syslog


      To: [EMAIL PROTECTED]
      Subject: ANNOUNCE: Secure Syslog
      From: "Lucio Torre (CORE)" <[EMAIL PROTECTED]>
      Date: Mon, 26 Jan 1998 21:48:46 -0700
      Approved-By: [EMAIL PROTECTED]
      Reply-To: "Lucio Torre (CORE)" <[EMAIL PROTECTED]>
      Sender: Bugtraq List <[EMAIL PROTECTED]>




                     DO YOU TRUST YOUR SYSTEM'S LOGS?


                         Secure System Logging
                    ** FREE SOURCE CODE AVAILABLE **

         CORE SDI S.A. introduces a new cryptographically secure system
logging tool.
         SECURE SYSLOG (ssyslog) is available for UNIX systems.  Designed to
replace the syslog daemon, ssyslog implements a cryptographic protocol
called PEO-1 that allows the remote auditing of system logs. Auditing
remains possible even if an intruder gains superuser privileges in the
system; the protocol guarantees that the information logged before and
during the intrusion process cannot be modified without the auditor (on a
remote, trusted host) noticing.
         Ssyslog is the ultimate tool for system logs auditing and is
designed to constitute a valuable tool in intrusion detection processes.
         Ssyslog was developed in the research labs of CORE SDI S.A., and is
now placed in the public domain.

To get the source code and/or more information regarding ssyslog or PEO go
to:
www.core-sdi.com/ssyslog


==============================[ CORE Seguridad de la Informacion S.A. ]=======
Lucio Torre                                     Email     : [EMAIL PROTECTED]
http://www.core-sdi.com
Av. Santa Fe 2861 5to C                         TEL/FAX   : +54-1-821-1030
Buenos Aires, Argentina. CP 1425                Mensajeria: +54-1-317-4157
==============================================================================



