From the course: Threat Modeling: Repudiation in Depth

Attacks on logs

- [Instructor] We'll cover defenses in depth in chapter six, but for now, understand that logs, yes, logs, are a primary way of dealing with repudiation, and so they can come under attack. Someone breaks into your server. They'll delete the logs. They'll fill the logs so your software deletes them, and so you need logs of what's happening on your servers at a system, shell, and application level, and you need to keep those logs around. Typical log rotation rules were last updated in the '90s when disk cost dollars per megabyte. Now, it's pennies per gigabyte, but we haven't updated the rules, and by default, Linux still rotates out your logs after seven days. Pushing logs to a dedicated logging system allows you to manage and protect storage, to perform correlation and analysis, and gives you something to look at when local copies of your logs have been trashed…
