Firewall Wizards mailing list archives

Re: "Dropsafe" logs


From: "Steven M. Bellovin" <smb () research att com>
Date: Thu, 08 Apr 1999 11:22:39 -0400

In message <199904081003.KAA12670 () idc057 IDC CTBTO ORG>, Scott Crawford writes:
Greetings --

We are seeking a means to implement real-time write-once "dropsafe" logs of our
firewall bastion in case of a system failure or a hacker trying to cover their
tracks.  Unfortunately, unless there's an alternative I'm not aware of, a CD-R
requires a complete disk image in ISO 9660 format to be burned into the
writeable disk all at once, which means we either have to wait until we have
nearly 640 MB of logfiles to write or waste an awful lot of writeable disk
space.

You may need to redefine "waste".  30 seconds looking at the Web
shows a 3.2G IDE drive for ~$100, and 9G UltraSCSI for $400.

Sure, that's not free, and there are other constraints, such as open
bays and the like.  But it's likely to be cheaper than anything else
you do, especially if you count your time.  Consider -- for ~$500,
you can buy an entire PC, bring up a stripped-down Linux, and have several
gig of disk for log space.

"Hardware is free; people are expensive".



