[Snort-users] Snort Database-Plugin: Deletion of Logs

Olaf Gellert og at ...6508...
Thu Aug 1 08:00:03 EDT 2002


Just a little question: If I use the database plugin
for some sensors to log into one central database, what
about the security issues?

Ok, I can use STunnel or so to encrypt the log messages
on their way to the database. If one of my Snort-Sensors
gets hacked, is it possible for the hacker to delete
the previously logged messages? Or are the logs written
in some kind of append-only mode?

If it is possible to delete the logs from one hacked
sensor, can only the messages from this sensor or
even the logs from the other sensors be deleted?

Regards... Olaf

Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Consultant,                              Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og at ...6508...

       Check on European Security Incident Response Teams
