[logs] Log Policy
ron dilley
ron.dilley at gmail.com
Thu Jan 31 19:06:29 PST 2008
List,
I'll get this going:
"b. Network Access

All perimeter devices must have or enforce the following:

* Audit trails of all configuration writes, modifications and deletes
* Audit logs must be forwarded to a company owned and controlled central
  logging system
* Audit logs must be retained for 2 years
* Log and alert all known attempted exploits of the device
* Log and alert all unauthorized access or login attempts

Perimeter devices that control access between/among networks of varying
levels of threat or sensitivity must have or enforce the following:

* Log the movement of all traffic
* Logs must be forwarded to a company owned and controlled central
  logging system
* Logs must be retained for 2 years"

and

"VII. Audit

A. Information Systems Logs

All information systems must keep accurate logs that provide the ability to
analyze, recreate or synchronize events that have taken place. Logs must be
forwarded to the enterprise-logging infrastructure."
Ron
On Jan 31, 2008 4:18 PM, Anton Chuvakin <anton at chuvakin.org> wrote:
> > If you know of a good resource, or tips on writing such a policy, please
> > let me know :)
>
> Actually, let's create this resource right here on the list out of
> responses (mine is coming later)
>
> This would be extremely useful for many people.
>
> --
> Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
> http://www.chuvakin.org
> http://chuvakin.blogspot.com
> http://www.info-secure.org