On top of retention requirements, log files must be secured, and access to them restricted and monitored. Intruders trying to conceal unauthorised access, or attempted access, will try to edit or delete log files. Efforts to secure log files should include:
- Encryption of data residing in the database and in transit where necessary.
- Segregation of logged data to an independent server.
- Collection of data on Write Once Read Many (WORM) disks or drives.
- Secure storage of backups and secure destruction of log files at the end of their retention period.
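One way to make the edit-or-delete attack above detectable is a keyed hash chain over the log stream, so that altering or removing any entry breaks every later link. This is an added illustration, not code from the original article; the key, the sample log lines and the function names are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key. In practice the verifier's key lives on the
# segregated log server, never on the host that produces the logs.
CHAIN_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # link value preceding the first record

def _link(prev_hash: str, record: str) -> str:
    """HMAC over (previous link || record): each link depends on all earlier ones."""
    msg = (prev_hash + "\n" + record).encode()
    return hmac.new(CHAIN_KEY, msg, hashlib.sha256).hexdigest()

def append_records(records, chain=None):
    """Append plain log lines to a tamper-evident chain (list of {record, link})."""
    chain = list(chain or [])
    prev = chain[-1]["link"] if chain else GENESIS
    for rec in records:
        prev = _link(prev, rec)
        chain.append({"record": rec, "link": prev})
    return chain

def verify_chain(chain):
    """Return (ok, index): index of the first entry that fails to verify, or -1."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if not hmac.compare_digest(entry["link"], _link(prev, entry["record"])):
            return False, i
        prev = entry["link"]
    return True, -1

# Constructed sample log lines for the demonstration.
SAMPLE = [
    "2024-01-01T08:00:01Z sshd[1201]: Accepted publickey for ops from 10.0.0.5",
    "2024-01-01T08:02:17Z sshd[1205]: Failed password for root from 10.0.0.99",
    "2024-01-01T08:02:20Z sudo: ops : COMMAND=/usr/bin/systemctl restart auditd",
]

def demo_tamper():
    """Verify an intact chain, one with an edited entry, and one with a deleted entry."""
    chain = append_records(SAMPLE)
    edited = json.loads(json.dumps(chain))  # deep copy, then rewrite a failed login
    edited[1]["record"] = edited[1]["record"].replace("Failed", "Accepted")
    deleted = chain[:1] + chain[2:]  # drop the middle record outright
    return verify_chain(chain), verify_chain(edited), verify_chain(deleted)
```

The chain alone does not reveal truncation of the newest entries, which is why the latest link value should be pushed to the independent or WORM log server so the verifier can confirm the chain still ends where it last saw it.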
A good log management solution should provide a scalable, centralised process that collects, normalises, aggregates, compresses and encrypts log data from disparate sources such as routers, switches, firewalls, IDS/IPS, anti-virus, spam/spyware filters, and Windows, UNIX and Linux systems. The aim is to identify security breaches, hacker intrusion and any other activity that could potentially cripple valuable corporate assets. A good log management solution should also automate the production of reports containing the information that indicates an anomaly or glitch. Having the system email these reports to your inbox at set intervals saves trouble and, most importantly, time.
A solution that automatically mines and manages that data can provide immediate insight into network activity, helping IT departments respond rapidly to security events and other network availability problems. Additionally, with stricter requirements imposed by best-practice frameworks and regulatory legislation, companies must find more reliable ways of managing and securely archiving complete log data for compliance purposes and legal protection. Reporting requirements for security information are going to increase, and regulations are sure to call for log data from additional sources. Plan now for the capacity to handle growing streams of security information without degrading application performance, and for storage that offers efficient growth paths as enterprise storage requirements grow.
Log files may not be pretty, but they make fantastic partners, working tirelessly in the background, never complaining, always on top! Sometimes, they can be difficult to make sense of. A centralised log management system will undoubtedly help.