RE: "Dropsafe" logs

[Russ () cooper com]

Plextor and many other companies now support DirectCD, which does exatly
what you are asking for.  You can write to the CD just as if it were a hard
drive.  You can either keep the cd in "write" mode indefinitely (where some
older drives may have trouble reading it, or you can "close" the session
after some period of time, making it read-only (and ISO standard).  It is a
super fast drive (the best one is 8x write).  Check out the PlexWriter 8/20
at www.plextor.com.

Russ

-----Original Message-----
From: Scott Crawford [mailto:Scott.Crawford () IDC CTBTO ORG]
Sent: Thursday, April 08, 1999 3:03 AM
To: firewall-wizards () nfr net
Subject: "Dropsafe" logs


Greetings --

(My mail agent crashed without having logged the send when I attempted to
send 
this before and it hasn't shown up on the list yet, so this *should* be the 
first time I'm posting this question, but apologies if not.)

We are seeking a means to implement real-time write-once "dropsafe" logs of
our 
firewall bastion in case of a system failure or a hacker trying to cover
their 
tracks.  Unfortunately, unless there's an alternative I'm not aware of, a
CD-R 
requires a complete disk image in ISO 9660 format to be burned into the 
writeable disk all at once, which means we either have to wait until we have

nearly 640 MB of logfiles to write or waste an awful lot of writeable disk 
space.  We have no operational experience with MO drives here, nor would we
want 
to risk those models where write-once settings can be turned off in
software. 
Sending output to a line printer is not an attractive option, nor is keeping

around a machine that would otherwise be junk just to monitor, for example, 
serial line output from the bastion host and dump terminal sessions a few kb
at 
a time to a permanent logfile.

What are others doing to maintain real-time write-once copies of firewall
logs?  
Is there write-once media to which data can be written in realtime (i.e.
like a 
real filesystem)?

AdTHANKSvance,
Scott Crawford