[837] in Intrusion Detection Systems
Re: Remote Logging
daemon@ATHENA.MIT.EDU (Anton Bouwer)
Wed Jan 8 11:32:17 1997
Date: Tue, 07 Jan 1997 08:11:59 -0800
From: Anton Bouwer <anton@iafrica.com>
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
Gene Spafford wrote:
>
> [ Moderator Note: This message was previously truncated - due to a period `.'
> incorrectly placed at the begginging of a line. Computer Risks B) ]
>
> > I caught some of the conversation on audit trails and the likes, and wanted
> > to know if anyone knows any FAQ's, web pages, or books..etc, that explain a
> > bit on how one could have local log files, and also log the same info
> > remotely, making it a great deal harder for an intruder to erase his prescense.
> >
I used a book by W. Cheswick and S Bellovin, 'Firewalls and Internet
Security: Repelling the Wily Hacker' in some research I did. It is quite
informative and the authors, (from AT&T), clearly have a sound working
knowledge of Unix/Internet/Security etc. This book also provided me with
many links to other information/sites.
One of the authors, Bill Cheswick, has a web page where you could
contact him for more info:
http://www.lucent.com/Family/Docs/bill2.html
Anton Bouwer
