Firewall Wizards mailing list archives
RE: "Dropsafe" logs
From: Russ () cooper com
Date: Thu, 8 Apr 1999 13:44:05 -0700
Plextor and many other companies now support DirectCD, which does exatly what you are asking for. You can write to the CD just as if it were a hard drive. You can either keep the cd in "write" mode indefinitely (where some older drives may have trouble reading it, or you can "close" the session after some period of time, making it read-only (and ISO standard). It is a super fast drive (the best one is 8x write). Check out the PlexWriter 8/20 at www.plextor.com. Russ -----Original Message----- From: Scott Crawford [mailto:Scott.Crawford () IDC CTBTO ORG] Sent: Thursday, April 08, 1999 3:03 AM To: firewall-wizards () nfr net Subject: "Dropsafe" logs Greetings -- (My mail agent crashed without having logged the send when I attempted to send this before and it hasn't shown up on the list yet, so this *should* be the first time I'm posting this question, but apologies if not.) We are seeking a means to implement real-time write-once "dropsafe" logs of our firewall bastion in case of a system failure or a hacker trying to cover their tracks. Unfortunately, unless there's an alternative I'm not aware of, a CD-R requires a complete disk image in ISO 9660 format to be burned into the writeable disk all at once, which means we either have to wait until we have nearly 640 MB of logfiles to write or waste an awful lot of writeable disk space. We have no operational experience with MO drives here, nor would we want to risk those models where write-once settings can be turned off in software. Sending output to a line printer is not an attractive option, nor is keeping around a machine that would otherwise be junk just to monitor, for example, serial line output from the bastion host and dump terminal sessions a few kb at a time to a permanent logfile. What are others doing to maintain real-time write-once copies of firewall logs? Is there write-once media to which data can be written in realtime (i.e. like a real filesystem)? AdTHANKSvance, Scott Crawford
Current thread:
- "Dropsafe" logs Scott Crawford (Apr 08)
- Re: "Dropsafe" logs Roelof JT Jonkman (Apr 08)
- Re: "Dropsafe" logs Jim Laverty (Apr 10)
- Re: "Dropsafe" logs Joseph S D Yao (Apr 10)
- <Possible follow-ups>
- Re: "Dropsafe" logs Steven M. Bellovin (Apr 08)
- RE: "Dropsafe" logs Frank W. Keeney (Apr 10)
- Re: "Dropsafe" logs Bret McDanel (Apr 10)
- Re: "Dropsafe" logs Bret McDanel (Apr 10)
- RE: "Dropsafe" logs Russ (Apr 10)
- Re: "Dropsafe" logs Robert Graham (Apr 10)
- Re: "Dropsafe" logs Steven M. Bellovin (Apr 10)
- Re: "Dropsafe" logs Info Security Office - ITS - Yale Univ. (Apr 10)