17.1. Protecting Against Log-Altering Attacks
Log file security starts by protecting the files from being altered. Because log files are stored as plain text files, it is very easy for an attacker who has gained access to a system to edit the log files and cover his or her tracks.
There are multiple methods to secure log files. These methods can be used alone, or in conjunction with others. The more log file security methods used, the more secure the logging infrastructure of the network will be.
Whenever possible, the logs from all network devices should be directed to a separate server. Most network devices, including routers, switches, firewalls, and servers, have the capability to do this. Storing log files on a secured remote server that ...
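An added example (not part of the original text) of the check a separate log server makes possible: comparing a host's local log against the remote copy to find lines that were removed or changed on the host. The function name, the sample log lines, and the assumption that both copies cover the same source and time window are constructed for illustration.

```python
"""Reconcile a host's local log with the copy held on the remote log server."""
from difflib import SequenceMatcher


def reconcile(remote_lines, local_lines):
    """Return (removed, altered, local_only), treating the remote copy as trusted.

    removed    - lines the remote server holds that are gone from the host
    altered    - (remote_line, local_line) pairs that differ at the same position
    local_only - lines on the host that never reached the remote server
    """
    removed, altered, local_only = [], [], []
    matcher = SequenceMatcher(a=remote_lines, b=local_lines, autojunk=False)
    for tag, r1, r2, l1, l2 in matcher.get_opcodes():
        if tag == "delete":
            removed.extend(remote_lines[r1:r2])
        elif tag == "insert":
            local_only.extend(local_lines[l1:l2])
        elif tag == "replace":
            # Heuristic: pair differing lines by position, then treat any
            # surplus on either side as removed or local-only.
            pairs = min(r2 - r1, l2 - l1)
            altered.extend(zip(remote_lines[r1:r1 + pairs],
                               local_lines[l1:l1 + pairs]))
            removed.extend(remote_lines[r1 + pairs:r2])
            local_only.extend(local_lines[l1 + pairs:l2])
    return removed, altered, local_only


# Constructed sample data: the remote server's copy of an auth log.
REMOTE = [
    "Mar  3 02:14:07 web01 sshd[2211]: Failed password for deploy from 192.0.2.10 port 50122 ssh2",
    "Mar  3 02:14:11 web01 sshd[2211]: Accepted password for deploy from 192.0.2.10 port 50122 ssh2",
    "Mar  3 02:15:02 web01 sudo: deploy : TTY=pts/0 ; USER=root ; COMMAND=/usr/bin/vi /var/log/auth.log",
    "Mar  3 02:20:00 web01 CRON[2301]: (root) CMD (run-parts /etc/cron.hourly)",
]
# Constructed local copy after editing: one line changed, one line deleted.
LOCAL = [
    REMOTE[0],
    REMOTE[1].replace("192.0.2.10", "198.51.100.7"),
    REMOTE[3],
]

if __name__ == "__main__":
    removed, altered, local_only = reconcile(REMOTE, LOCAL)
    for line in removed:
        print("REMOVED ON HOST:", line)
    for remote_line, local_line in altered:
        print("ALTERED ON HOST:", local_line, "| remote copy:", remote_line)
    for line in local_only:
        print("NOT ON REMOTE:", line)
```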