Re: [Syslog] [snia-security] Audit Logging SIG/TWG



Hi,
 
The IETF Syslog WG has been chartered to address security issues. The WG has almost completed its current work plan. Some of the features that have been included in the IETF syslog standards will probably be useful for audit logging purposes, such as increased message sizes, secure transport, structured data elements, and digitally signed messages: http://www.ietf.org/dyn/wg/charter/syslog-charter.html
 
The WG is considering re-chartering to do additional work. Much of the proposed work relates to standardizing how syslog is used, and to standardizing some types of logging content.
 
The Syslog WG will be meeting at the upcoming IETF meeting (http://www.ietf.org/meeting/75/). Attached is a PowerPoint presentation that shows what topics are expected to be discussed. Proposals for additional work are welcome.
 
In the IETF, official work is done using mailing lists rather than face-to-face meetings. If anybody wishes to monitor or contribute to the discussion, here is where the official discussions occur:
General Discussion: syslog at ietf.org
To Subscribe: syslog-request at ietf.org
In Body: subscribe
Archive: http://www.ietf.org/mail-archive/web/syslog
 
Your input is welcome.
 
David Harrington
co-chair, Syslog WG

Standards Manager, HuaweiSymantec Technologies
dbharrington at comcast.net
ietfdbh at comcast.net
dharrington at huawei.com


 



From: Eric Hibbard [mailto:Eric.Hibbard at hds.com]
Sent: Friday, July 17, 2009 12:24 PM
To: mpeterson at snia-dmf.org
Cc: snia-security at snia.org; snia-ssif at snia.org
Subject: [snia-security] Audit Logging SIG/TWG

Michael,

 

I understand that you have expressed some interest in the area of audit logging and have floated the idea of forming a SIG or TWG for such an activity. I have a mixed reaction to this…on the one hand, the Security TWG has been advocating that storage ecosystems must participate in audit logging (as opposed to just health and fault logging)…on the flip side, we don’t see SNIA being a serious leader in this space (we’re about 3 years too late for that)…more like a consumer. However, the Security TWG considers this an important area and we’re more than happy to participate and/or support whatever surfaces.

 

In the spirit of sharing, you might want to take a look at the following resources:

 

· SNIA docs – Storage Security best practices (http://www.snia.org/forums/ssif/programs/SNIATechnicalProposal-Security-BCPs.20080904.pdf) and the SNIA Logging Whitepaper (http://www.snia.org/forums/ssif/knowledge_center/white_papers/forums/ssif/knowledge_center/white_papers/SNIA-Logging-WP.050921.pdf); the whitepaper is being rewritten as we speak

· IETF Syslog WG (http://tools.ietf.org/wg/syslog/) – The IETF has finally published multiple standards-track RFCs related to Syslog, which is the primary protocol for all external/centralized logging. These RFCs cover architecture, protocol, and security.

· Mitre – Mitre has done some work with its Common Event Expression Taxonomy (CEET), which the Security TWG has been investigating as a possible way of “standardizing” message events so that the event log vendors could parse and react to them. Check out http://cee.mitre.org/ceelanguage.html

 

With the possible exception of PCI DSS, most of the drivers for this technology are indirect (i.e., monitor and respond, or establish and maintain accountability and traceability). This means that a certain amount of interpretation is required, and of course this leads to vendor hype and organizational indecision.

 

Best regards,

 

-Eric

 

Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP
CTO Security and Privacy

 

International Representative, INCITS TC CS1 Cyber Security

Vice Chair, American Bar Association – SciTech Law – eDiscovery & Digital Evidence Committee

Vice Chair, IEEE Information Assurance Standards Committee (IASC)

Member, SNIA Technical Council

Chair, SNIA Security Technical Work Group

Vice Chair, IEEE Security in Storage Work Group (P1619)

 

HITACHI DATA SYSTEMS
750 Central Expressway
Santa Clara, CA 95050-2627
P 408.970.7979/ C 408.314.0515
eric.hibbard@hds.com

 

Attachment: Syslog WG IETF75 Agenda.ppt
Description: MS-Powerpoint presentation

