Hi,
Just to clarify this a bit-
At 12:09 PM 10/26/99 -0400, [EMAIL PROTECTED] wrote:
>(According to Chris Lonvick <[EMAIL PROTECTED]>
>his company has implemented a custom "secure logger" for one customer, and
>would also prefer to join in finding an IETF standard solution rather than
>continue to support the custom version.)
My interest is to secure "logging". Before I came to Cisco, I ran a real
network and was subject to a prank where someone dumped tons-o-stuff into
my syslog server. Ever since, I've been trying to find some ways to make
syslog work in a better fashion.
Once at Cisco, I became involved in some of our security products and was
involved in the effort to get NCSC TTAP certification (Firewall Protection
Profile - equivalent to CC EAL-2) for the Cisco PIX. One of the
requirements was that it cease operations if it could not verifiably log
events. We solved that by implementing a logging solution that provided
positive acknowledgement of message receipt. I have talked to the
engineering manager of the PIX and he would like to phase that out in
preference of a standard. Since the BOF was approved, I have also been
talking to other departments within Cisco to get their interest.
All-in-all, this is to say that I am not representing Cisco in this.
I don't have much skill at writing code or in system internals, but I
do want to participate in getting a secure "logging" mechanism as an
approved standard.
Thanks,
Chris
