[2936] in WWW Security List Archive
Re: server protection
daemon@ATHENA.MIT.EDU (David W. Morris)
Fri Sep 13 00:23:09 1996
Date: Thu, 12 Sep 1996 19:17:04 -0700 (PDT)
From: "David W. Morris" <dwm@shell.portal.com>
To: www-security@ns2.rutgers.edu
In-Reply-To: <9609121356.AA17006@chip.iphase.com.iphase.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Thu, 12 Sep 1996, Patrick Larkin Jr wrote:
> Put everything but your log files on an external disk with a
> HARDWARE write protect switch! Then, they'll have to gain physical
> access before they can change the content.
If you application demands this level of paranoia, then the log files
should be implemented via some form of write only media ... the
easiest current technology is a serial port between the network connected
machine and another standalone system. The standalone system simply writes
the data from the port to a disk ... but once received by the logger, it
can't be altered.
