Sunday, March 6, 2011

Beautiful Log Handling

Data logging is the collection of information in order to understand and learn more about a process or system. A data logger is any device that can be connected to other devices for the purpose of collecting that information.
Logging increases our knowledge of how different processes work. For example, many loggers archive readings such as temperature taken by sensors, converting them into electrical signals; once the archived data is retrieved, it can be easily filtered and understood. As another example, when a shopper in a supermarket pays for something with a credit card, a data logging system can track his or her purchases at that store: which items were bought, how many times a month they are bought, and even how often the person visits the store.

According to the text, one of the many recent U.S. laws with clauses related to audit logging is the Health Insurance Portability and Accountability Act (HIPAA), which covers logging and monitoring controls for systems that contain a patient's protected health information (PHI). Centralized event logging across a variety of systems and applications, along with its analysis and reporting, provides the evidence needed to demonstrate the presence and effectiveness of the security controls an organization has implemented. These practices also help identify, reduce the impact of, and remedy a variety of security weaknesses and breaches in the organization. The importance of logs for regulatory compliance will only grow as other standards (such as PCI DSS, ISO 2700x, ITIL, and COBIT) become the foundations of new regulations that are sure to emerge. System log files produced by Unix, Linux, and Windows systems are different from the network device logs produced by routers, switches, and other network gear from Cisco, Nortel, and Lucent. Similarly, security appliance logs produced by firewalls, intrusion detection or prevention systems, and messaging security appliances are very different from both system and network logs.

Challenges with Logs

Too much data - Hundreds of firewalls and thousands of desktop applications can generate millions of records every day, and log volume keeps growing as bandwidth and connectivity increase. The sheer volume of log messages can force analysis to take significant time and computing resources.
Not enough data - Incident response can be hindered because a security device did not record essential data, or because the administrator did not anticipate the need to collect it.
Poor information delivery - Many logs simply do not contain the right information.
False positives - These are common in network intrusion detection systems (NIDS), wasting administrators' time and obscuring more important information that may indicate real problems.
Hard-to-get data - For technical reasons, data is frequently unavailable to the person who could benefit from analyzing it, undercutting log management projects.
Redundant and inconsistent data - Redundant data comes from multiple devices recording the same event, and confusion arises from the different ways in which they record it.
Heterogeneous IT environments - These amplify the preceding problems and introduce new ones. For example, more peculiar file formats need to be understood and processed to get to the big picture. Volume gets out of control, NIDSs are confused by what they are monitoring, and custom application logs complicate an already complex problem dramatically.
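The last two challenges, redundant records and heterogeneous formats, are what a normalization step in a log collector addresses. The following is an added example written for this post (it is not code from Beautiful Security or from any vendor): it parses three constructed log formats (a Linux sshd syslog line, a syslog-relayed Cisco ASA line, and a Windows security event exported as CSV) into one schema, maps each device's own event vocabulary onto a small shared taxonomy, collapses duplicate deliveries of the same record, and then counts failed logins per source address across all three devices. The hosts, addresses, timestamps and the assumed year for the syslog lines are all constructed for illustration.

```python
import csv
import re
from collections import Counter, OrderedDict
from datetime import datetime

# Syslog-style lines carry no year; this value is assumed for the sample below.
ASSUMED_YEAR = 2011

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
WINDOWS_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Each device's own vocabulary mapped onto one small shared taxonomy.
ASA_EVENTS = {"302013": "conn_built", "302014": "conn_teardown", "106023": "conn_denied"}
WINDOWS_EVENTS = {"4624": "auth_success", "4625": "auth_failure"}

# Constructed sample: one attacker address seen by a Linux host, a firewall and
# a Windows domain controller. Line 4 is line 1 delivered a second time
# (for example once directly and once through a relay).
SAMPLE_LOGS = [
    "Mar  6 10:15:22 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 52214 ssh2",
    "Mar  6 10:15:22 fw01 %ASA-6-302013: Built inbound TCP connection 9001 for outside:192.0.2.10/52214 (192.0.2.10/52214) to dmz:10.0.1.5/22 (10.0.1.5/22)",
    "2011-03-06 10:15:23,win-dc,4625,Audit Failure,An account failed to log on,192.0.2.10",
    "Mar  6 10:15:22 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 52214 ssh2",
    'Mar  6 10:15:24 fw01 %ASA-4-106023: Deny tcp src outside:192.0.2.10/52300 dst inside:10.0.0.7/445 by access-group "outside_in"',
]


def first_ip(text):
    m = IP_RE.search(text)
    return m.group(0) if m else None


def parse_syslog(line):
    """Linux syslog and syslog-relayed Cisco ASA lines share one outer format."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(
        f"{ASSUMED_YEAR} {m['mon']} {int(m['day']):02d} {m['time']}", "%Y %b %d %H:%M:%S"
    )
    prog, msg = m["prog"], m["msg"]
    if prog.startswith("%ASA-"):
        source = "cisco_asa"
        event = ASA_EVENTS.get(prog.split("-")[-1], "other")   # message id is the last field
    else:
        source = "linux_syslog"
        if prog == "sshd" and msg.startswith("Failed password"):
            event = "auth_failure"
        elif prog == "sshd" and msg.startswith("Accepted "):
            event = "auth_success"
        else:
            event = "other"
    return {"ts": ts, "host": m["host"], "source": source, "event": event,
            "src_ip": first_ip(msg), "msg": msg, "raw": line}


def parse_windows_csv(line):
    """Constructed CSV export: timestamp,host,event_id,type,message,source_ip."""
    ts, host, event_id, _kind, msg, src_ip = next(csv.reader([line]))
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "host": host,
            "source": "windows_security", "event": WINDOWS_EVENTS.get(event_id, "other"),
            "src_ip": src_ip, "msg": msg, "raw": line}


def normalize(line):
    """One record schema regardless of which device wrote the line; None if unparsable."""
    if WINDOWS_RE.match(line):
        return parse_windows_csv(line)
    return parse_syslog(line)


def normalize_all(lines):
    return [r for r in (normalize(l) for l in lines) if r is not None]


def dedup(records):
    """Collapse records that describe the same event; keep the first, count the rest."""
    unique = OrderedDict()
    for r in records:
        key = (r["ts"], r["host"], r["event"], r["src_ip"], r["msg"])
        if key in unique:
            unique[key]["count"] += 1
        else:
            unique[key] = dict(r, count=1)
    return list(unique.values())


def auth_failures_by_ip(records):
    """The cross-device view: failed logins per source address, whatever logged them."""
    return Counter(r["src_ip"] for r in records if r["event"] == "auth_failure")


if __name__ == "__main__":
    recs = dedup(normalize_all(SAMPLE_LOGS))
    for r in recs:
        print(r["ts"], r["source"], r["event"], r["src_ip"], f"x{r['count']}")
    print(auth_failures_by_ip(recs))
```

Without the dedup step the sample shows three failed logins from 192.0.2.10; after it there are two, which is the real count. The duplicate-detection key deliberately excludes the raw line, so the same event would still collapse if two collectors stamped it with different syslog priorities or hostnames in their own prefix; what it cannot do is recognise that the firewall's "connection built" and the host's "failed password" belong to the same session, which is correlation rather than deduplication and needs the timestamps and addresses the schema keeps for that purpose.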

The text also talked about the demilitarized zone, or DMZ. A DMZ is a small network inserted as a neutral zone between a company's private network and the outside public network. Servers that outside users need to reach, such as a server holding company data that partners access, are placed in the DMZ rather than on the private network, so the firewall can admit inbound connections to the DMZ while still blocking them to the private network. In the gateway arrangement described in the GlobalSCAPE guide, the DMZ host effectively acts as a proxy server. For example, in a small company a separate computer in the DMZ receives requests from employees on the private network to reach other companies or specific websites on the public network, and it initiates those sessions on the public network on the employees' behalf. The DMZ host is not able to initiate a session back into the private network; it can only forward packets belonging to sessions that have already been requested from inside. Cisco is one company that sells products designed for setting up a DMZ.
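The property that the DMZ "can only forward packets that have already been requested" is what a stateful firewall delivers: replies on an existing session pass in either direction, but a new session is judged by the zone pair it crosses, and no rule permits DMZ-to-inside. The model below is an added example written for this post, not code or configuration from the page's references; the three zones, the addresses in them, the single published service on port 443 and the packets in the demo are all assumed for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing for the illustration (not from the page or its references).
ZONES = {
    "inside": ip_network("10.0.0.0/24"),   # the company's private network
    "dmz": ip_network("10.0.1.0/24"),      # the neutral zone between inside and outside
}                                          # anything else is treated as "outside"

# Which zone pairs may open a NEW session, and to which destination port
# (None = any port). There is deliberately no ("dmz", "inside", ...) entry.
ALLOW_NEW = {
    ("inside", "dmz", None),
    ("inside", "outside", None),
    ("dmz", "outside", None),
    ("outside", "dmz", 443),   # the one service the DMZ publishes to the Internet
}


def zone_of(ip):
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outside"


class StatefulFilter:
    """Minimal connection-tracking filter: a packet that belongs to a session
    already permitted passes in either direction; any other packet must match
    ALLOW_NEW for its zone pair or it is dropped."""

    def __init__(self):
        self.sessions = set()   # (src, sport, dst, dport) of sessions already permitted

    def check(self, src, sport, dst, dport):
        flow = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        if flow in self.sessions or reverse in self.sessions:
            return "ESTABLISHED"
        pair = (zone_of(src), zone_of(dst))
        if (*pair, dport) in ALLOW_NEW or (*pair, None) in ALLOW_NEW:
            self.sessions.add(flow)
            return "NEW"
        return "DROP"


def demo():
    """Run the packets that illustrate the policy; returns (description, verdict) pairs."""
    fw = StatefulFilter()
    packets = [
        ("inside host opens SSH to the DMZ server", ("10.0.0.7", 40001, "10.0.1.5", 22)),
        ("DMZ server replies on that session", ("10.0.1.5", 22, "10.0.0.7", 40001)),
        ("DMZ server tries a NEW session into inside", ("10.0.1.5", 50000, "10.0.0.7", 445)),
        ("Internet client reaches the published DMZ service", ("192.0.2.10", 52214, "10.0.1.5", 443)),
        ("Internet client probes SSH on the DMZ server", ("192.0.2.10", 52215, "10.0.1.5", 22)),
        ("Internet client tries to reach inside directly", ("192.0.2.10", 52216, "10.0.0.7", 445)),
        ("DMZ host fetches an update from the Internet", ("10.0.1.5", 50001, "198.51.100.20", 443)),
    ]
    return [(desc, fw.check(*pkt)) for desc, pkt in packets]


if __name__ == "__main__":
    for desc, verdict in demo():
        print(f"{verdict:<12} {desc}")
```

The third packet is the one that matters: the DMZ server is the same host that was allowed to answer the inside client a moment earlier, yet its attempt to open a fresh session toward the private network is dropped because session state, not the host's identity, is what earned the earlier reply its passage. A DMZ host that is compromised through its published service therefore gains no path inward beyond the connections inside hosts choose to open to it.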

References

GlobalSCAPE. (2004). DMZ Gateway User Guide. Retrieved February 08, 2011 from http://help.globalscape.com/help/guides/GlobalSCAPE_DMZ_Gateway_User_Guide.pdf
Oram, A. & Viega, J. (2009). Beautiful Security. O'Reilly Media Inc., Sebastopol, CA.
VMware. DMZ Virtualization with VMware Infrastructure (Best Practices). Retrieved February 08, 2011 from http://www.vmware.com/files/pdf/dmz_virtualization_vmware_infra_wp.pdf
