Publisher: International Association for Computer Information Systems
Abstract: Network security is one of the major issues facing information systems (IS) today. Securing a network against unauthorized intrusion, and detecting intrusions when they occur, are vital to ensuring that information on the network is free from malicious corruption. Preventing unauthorized access to a network is not always possible; consequently, the ability to detect a network intrusion is of paramount importance. Log files are one of the means system administrators use to detect intrusions. However, experienced attackers will often erase the log files. While missing logs are themselves evidence that the network has been penetrated, they leave no details of how the attacker entered the system or what was accomplished. Even worse, an experienced attacker can replace the log files with files showing only normal network traffic; in that case the intrusion cannot be detected from the logs at all. Therefore, log files must be protected to be of any use in network security. This paper discusses best practices for securing network system logs. The methods range from the least secure to the most secure, largely depending on the number of safeguards employed. These safeguards have been drawn from academic research, current business implementations, and our own research.
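The abstract describes the failure mode (an attacker erases the logs, or replaces them with entries showing normal traffic) but not the paper's safeguards, which are not reproduced on this page. The following is an added example, not code from the paper, showing one way to make a log tamper-evident: a keyed hash chain in which every record carries an HMAC under a per-record key that is then replaced by a one-way hash of itself, so the host never holds keys for earlier records. A remote verifier that knows the initial key K0 can replay the chain and pinpoint edits, deletions and wholesale replacement, and can catch truncation by comparing against the record count it last saw. The key K0, the host/verifier roles, the helper names and the sample log messages are all assumptions constructed for this example.

```python
"""Tamper-evident log via a forward-secure keyed hash chain (added example)."""
import hashlib
import hmac
import json

# Constructed demo key; in practice K0 is generated by the verifier and
# provisioned to the logging host out of band, then never reused.
K0 = b"constructed-demo-initial-key"

DEMO_MESSAGES = [  # constructed sample events, not real log data
    "sshd: Accepted publickey for alice from 10.0.0.5",
    "sudo: alice : COMMAND=/usr/bin/apt update",
    "sshd: Failed password for root from 203.0.113.9",
    "sshd: Accepted password for root from 203.0.113.9",
]


def evolve(key: bytes) -> bytes:
    """One-way key update; the host discards the old key after each record."""
    return hashlib.sha256(b"log-key-evolve|" + key).digest()


def append_record(log: list, key: bytes, message: str) -> bytes:
    """Append one chained record authenticated under `key`; return the next key."""
    seq = len(log)
    prev_tag = log[-1].rsplit(" ", 1)[1] if log else ""
    body = json.dumps({"seq": seq, "prev": prev_tag, "msg": message},
                      sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    log.append(body + " " + tag)
    return evolve(key)


def verify_chain(log: list, key0: bytes):
    """Replay the key schedule from K0 over `log`.

    Returns (records_verified, first_bad_index); first_bad_index is None
    when every record is authentic and in order.
    """
    key, prev_tag = key0, ""
    for i, line in enumerate(log):
        body, sep, tag = line.rpartition(" ")
        try:
            rec = json.loads(body)
        except ValueError:
            return i, i
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if (not sep or rec.get("seq") != i or rec.get("prev") != prev_tag
                or not hmac.compare_digest(expected, tag)):
            return i, i
        key, prev_tag = evolve(key), tag
    return len(log), None


def is_truncated(log: list, key0: bytes, last_known_count: int) -> bool:
    """A chain that simply ends early still verifies, so the verifier must
    also compare against the record count it last observed (e.g. reported
    by a periodic heartbeat). Returns False if the chain is broken instead."""
    n_ok, bad = verify_chain(log, key0)
    return bad is None and n_ok < last_known_count


def build_demo_log(messages=DEMO_MESSAGES, key0=K0) -> list:
    """Write the constructed events as a chained log starting from K0."""
    log, key = [], key0
    for m in messages:
        key = append_record(log, key, m)
    return log


def scenario_edit(log: list):
    """Attacker rewrites the root login (record 3) to look benign."""
    tampered = list(log)
    body, tag = tampered[3].rsplit(" ", 1)
    rec = json.loads(body)
    rec["msg"] = "sshd: Accepted publickey for alice from 10.0.0.5"
    tampered[3] = json.dumps(rec, sort_keys=True) + " " + tag
    return verify_chain(tampered, K0)


def scenario_delete(log: list):
    """Attacker removes the failed-login record (index 2)."""
    return verify_chain(log[:2] + log[3:], K0)


def scenario_replace(log: list):
    """Attacker who compromised the host afterwards holds only the current
    key (K0 evolved len(log) times) and rebuilds a 'clean' log with it."""
    key = K0
    for _ in log:
        key = evolve(key)
    forged = []
    for m in DEMO_MESSAGES[:2]:
        key = append_record(forged, key, m)
    return verify_chain(forged, K0)


if __name__ == "__main__":
    log = build_demo_log()
    print("intact   :", verify_chain(log, K0))
    print("edited   :", scenario_edit(log))
    print("deleted  :", scenario_delete(log))
    print("replaced :", scenario_replace(log))
    print("truncated:", is_truncated(log[:3], K0, len(log)))
```

The chain alone does not stop an attacker from deleting the file outright; its value is that any surviving file either verifies record-by-record back to K0 or reveals exactly where it was altered, and a verifier that periodically records the chain's length also notices silent truncation. Sending each record (or at least each tag) to a separate collector as it is written is what turns this from tamper-evidence into tamper-resistance.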