17.1. Protecting Against Log-Altering Attacks

Log file security starts by protecting the files from being altered. Because log files are stored as plain text files, it is very easy for an attacker who has gained access to a system to edit the log files and cover his or her tracks.

There are multiple methods to secure log files. These methods can be used alone, or in conjunction with others. The more log file security methods used, the more secure the logging infrastructure of the network will be.

Whenever possible, the logs from all network devices should be directed to a separate server. Most network devices, including routers, switches, firewalls, and servers, have the capability to do this. Storing log files on a secured remote server that ...
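An added example, not from the book: one way to use the copy on the separate log server as a reference for spotting entries that were deleted or edited on the originating host. The function name, host name, addresses and log lines are constructed for illustration, and the check assumes the server stores each forwarded line with the same text as the local file.

```python
from collections import Counter

# Constructed sample: what the remote log server received from host web01.
REMOTE_COPY = [
    "Mar  3 02:14:07 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 50122 ssh2",
    "Mar  3 02:14:09 web01 sshd[2211]: Accepted password for root from 192.0.2.10 port 50122 ssh2",
    "Mar  3 02:15:30 web01 sudo: root : TTY=pts/0 ; COMMAND=/usr/bin/vi /var/log/auth.log",
    "Mar  3 02:20:00 web01 CRON[2301]: (root) CMD (run-parts /etc/cron.hourly)",
]
# Constructed sample: the local file afterwards (one entry edited, one deleted).
LOCAL_COPY = [
    "Mar  3 02:14:07 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 50122 ssh2",
    "Mar  3 02:14:09 web01 sshd[2211]: Accepted password for root from 10.0.0.5 port 50122 ssh2",
    "Mar  3 02:20:00 web01 CRON[2301]: (root) CMD (run-parts /etc/cron.hourly)",
]

def _in_order(lines, surplus):
    """Return the surplus entries in the order they appear in `lines`."""
    remaining, out = Counter(surplus), []
    for line in lines:
        if remaining[line] > 0:
            out.append(line)
            remaining[line] -= 1
    return out

def compare_with_remote(local_lines, remote_lines):
    """Compare a host's local log with the copy held on the log server.

    Returns (missing_locally, local_only):
      missing_locally: entries the server received that are no longer in the
                       local file (deleted or edited after being forwarded)
      local_only:      entries in the local file the server never received
                       (inserted or edited locally, or lost in transit)
    Lines are counted, so removing one of two identical entries is reported.
    """
    local = [l.rstrip("\n") for l in local_lines if l.strip()]
    remote = [l.rstrip("\n") for l in remote_lines if l.strip()]
    local_count, remote_count = Counter(local), Counter(remote)
    missing_locally = _in_order(remote, remote_count - local_count)
    local_only = _in_order(local, local_count - remote_count)
    return missing_locally, local_only

if __name__ == "__main__":
    missing, extra = compare_with_remote(LOCAL_COPY, REMOTE_COPY)
    for line in missing:
        print("on server, not on host:", line)
    for line in extra:
        print("on host, not on server:", line)
```

An edited entry shows up in both lists: the original text among the lines missing locally and the altered text among the lines found only on the host.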
