Re: auditing
Dan.McDonald@Eng.sun.com (Dan McDonald) Wed, 02 April 1997 22:20 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id RAA17055 for ipsec-outgoing; Wed, 2 Apr 1997 17:20:20 -0500 (EST)
From: Dan.McDonald@Eng.sun.com
Message-Id: <199704022225.OAA00456@kebe.eng.sun.com>
Subject: Re: auditing
To: sommerfeld@apollo.hp.com
Date: Wed, 02 Apr 1997 14:25:35 -0800
Cc: ipsec@tis.com
In-Reply-To: <199704022147.QAA00458@thunk.ch.apollo.hp.com> from "Bill Sommerfeld" at Apr 2, 97 04:47:55 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
I have to say that after some further thought, if you HAVE logging facilities, you MUST audit. This, I guess, puts me in violent agreement with Bill. I keep having this sinking feeling that there might be some class of attack that can only get caught by auditing/logging. Anyone care to comment on this? And speaking of Bill, he mentions... > Of course, this means that outbound (and inbound) logging traffic > needs to be treated the same way as key management traffic, bypassing > any ipsec policy engine which might trigger the creation or use of a > security association... I'll insert a plug for draft-mcdonald-simple-ipsec-api-01.txt, which includes such a BYPASS setting for privileged applications. Dan
- auditing Derrell Piper
- Re: auditing Ran Atkinson
- Re: auditing Rodney Thayer
- Re: auditing Bill Sommerfeld
- Re: auditing Theodore Y. Ts'o
- Re: auditing Ran Atkinson
- Re: auditing Bill Sommerfeld
- RE: auditing Rob Adams
- Re: auditing Dan McDonald
- Re: auditing Ran Atkinson
- Re: auditing Ran Atkinson
- RE: auditing Rob Adams
- Re: auditing Dan McDonald
- Re: auditing Bill Sommerfeld
- Re: auditing Daniel Harkins
- Re: auditing Bill Sommerfeld
- Re: auditing Uri Blumenthal
- RE: auditing Glen Zorn
- RE: auditing Glen Zorn
- Re: auditing Bill Sommerfeld
- RE: auditing Glen Zorn
- Re : keys visability (was : Re: auditing) Sara Bitan
- Re: Re : keys visability (was : Re: auditing) Uri Blumenthal