[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: auditing
I have to say that after some further thought, if you HAVE logging
facilities, you MUST audit. This, I guess, puts me in violent agreement with
Bill.
I keep having this sinking feeling that there might be some class of attack
that can only get caught by auditing/logging. Anyone care to comment on
this?
And speaking of Bill, he mentions...
> Of course, this means that outbound (and inbound) logging traffic
> needs to be treated the same way as key management traffic, bypassing
> any ipsec policy engine which might trigger the creation or use of a
> security association...
I'll insert a plug for draft-mcdonald-simple-ipsec-api-01.txt, which includes
such a BYPASS setting for privileged applications.
Dan
References:
- Re: auditing
- From: Bill Sommerfeld <sommerfeld@apollo.hp.com>