Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

PPT Version

advertisement 
th
56
IETF
syslog WG
Chair: Chris Lonvick <clonvick@cisco.com>
mailing list: syslog-sec@employees.org
Agenda
●
Agenda Bashing
- 2m
●
Review of Charter and Status Update
- 8m
●
Review of syslog-mib
- 40 m
●
Wrap Up
- 10 m
Syslog WG Charter (1/3)
●
Syslog is a de-facto standard for logging system
events. However, the protocol component of this
event logging system has not been formally
documented. While the protocol has been very
useful and scaleable, it has some known but
undocumented security problems. For instance,
the messages are unauthenticated and there is no
mechanism to provide verified delivery and
message integrity.
Syslog WG Charter (2/3)
●
The goal of this working group is to document
and address the security and integrity problems of
the existing Syslog mechanism. In order to
accomplish this task we will document the
existing protocol. The working group will also
explore and develop a standard to address the
security problems.
Syslog WG Charter (3/3)
●
Beyond documenting the Syslog protocol and its
problems, the working group will work on ways
to secure the Syslog protocol. At a minimum this
group will address providing authenticity,
integrity and confidentiality of Syslog messages
as they traverse the network. The belief being that
we can provide mechanisms that can be utilized
in existing programs with few modifications to
the protocol while providing significant security
enhancements.
WG Status
●
●
“The BSD syslog Protocol” - RFC 3164 produced
August 2001.
“Reliable Delivery for syslog” - RFC 3195
produced November 2001.
●
draft-ietf-syslog-sign-09.txt - wip
●
draft-ietf-syslog-device-mib-03.txt - wip
Work to Do
●
●
●
Internationalization? - Characters are currently
defined as US-ASCII only
syslog-sign needs review, Security Considerations
and IANA Instructions
–
the ID also makes changes to the defined format of
3164 (timestamp, hostname, etc.)
–
3195bis to reflect these changes
syslog-mib needs review
Other Reference
●
●
●
loganalysis@lists.shmoo.com
discussion of formatting the contents of the
messages
–
xml
–
other tags
Great discussion of the interpretation of event
messages.
Related documents
59th IETF syslog WG
59th IETF syslog WG
SPA9xx Series Phone Experiencing Reboots Contents Introduction Document ID: 108952
SPA9xx Series Phone Experiencing Reboots Contents Introduction Document ID: 108952
SPA9xx Series Phone with Sidecar Experiencing Reboots Contents Introduction
SPA9xx Series Phone with Sidecar Experiencing Reboots Contents Introduction
PPT Version
PPT Version
NOC TOOLS syslog
NOC TOOLS syslog
Syslog
Syslog
Windows Log Management
Windows Log Management
Billion BIPAC 74xGE SNMP Utility SysLog Server Setup
Billion BIPAC 74xGE SNMP Utility SysLog Server Setup
Log Management - Network Startup Resource Center
Log Management - Network Startup Resource Center
Network Monitoring & Management Log Management
Network Monitoring & Management Log Management
Ch8- Study Guide
Ch8- Study Guide
syslog
syslog
Intrusion Detection
Intrusion Detection
syslog
syslog
8 1 2 6 Configuring Syslog and NTP
8 1 2 6 Configuring Syslog and NTP
3808.ArborConfig (1)
3808.ArborConfig (1)
Threat Analytics Platform (TAP)
Threat Analytics Platform (TAP)
kss installation guide
kss installation guide
яюю я K i w i S y s l o g W e b A c c e s s
яюю я K i w i S y s l o g W e b A c c e s s
Configuring Logging
Configuring Logging
kss administrator guide
kss administrator guide
,).58 3ERVER ND
,).58 3ERVER ND
Download
advertisement