Another possible threat to consider for a Syslog environment is:

Traffic Pattern Analysis - It is sometimes used as a form of reconnaissance to further hone an attack. The focus of attention is on how the network is being used as opposed to the data content being moved. An analysis of this kind of information can identify details about clients, reveal "hidden" log servers, give clues as to the performance capabilities of certain systems (e.g., excessive retransmits), identify specific chokepoints (ideal for denial of service attacks), quiescent or active periods, etc.

Like denial of service attacks, this threat is difficult to prevent.

Eric A. Hibbard, CISSP, ISSAP, ISSMP, ISSEP
Senior Director, Data Networking Technology
Chair, SNIA Security Technical Work Group
Office of the CTO
HITACHI DATA SYSTEMS
750 Central Expressway, MS 3407
Santa Clara, CA 95050-2627
P 408.970.7979/ F 408.562.5477
eric.hibbard@hds.com
_______________________________________________ Syslog mailing list [email protected] https://www1.ietf.org/mailman/listinfo/syslog
