[Snort-users] Snort Database-Plugin: Deletion of Logs
og at ...6508...
Thu Aug 1 08:00:03 EDT 2002
Just a little question: If I use the database plugin
for some sensors to log into one central database, what
about the security issues?
Ok, I can use STunnel or so to encrypt the log messages
on their way to the database. If one of my Snort-Sensors
gets hacked, is it possible for the hacker to delete
the previously logged messages? Or are the logs written
in some kind of append-only mode?
If it is possible to delete the logs from one hacked
sensor, can only the messages from this sensor or
even the logs from the other sensors be deleted?
Dipl.Inform. Olaf Gellert PRESECURE (R)
Consultant, Consulting GmbH
Phone: (+49) 0700 / PRESECURE og at ...6508...
Check on European Security Incident Response Teams