Home
Topics
Security Audit, Compliance and Standards
Data Privacy and Protection
How to prevent audit-logging system from storing passwords?

How to prevent audit-logging system from storing passwords?

Mike Rothman, past SearchSecurity.com expert

By policy mandates, my agency does not want our audit-logging system to store passwords or email message bodies. My fear is if a server isn't configured properly, it could do just that. Do you recommend combing through the active log file and removing any entries that violate policy, or should we simply accept that these violations will occur?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

The answer to this question is both. The reality is some personal information and email will be logged. Whether it's a server configuration error, a user mistake or a design "feature." If an agency is going to aggressively log network and system activity, this kind of thing is going to happen.

So first, I'd question whether the "policy mandate" is realistic. If that's one of those "non-negotiable" types of policies, then the best bet is to work on configuring the organization's applications, servers and networks to prevent these kinds of issues. At first, it will be necessary to comb through the logs to figure out how and when sensitive data is captured, and then either fix the offending server, or stop pulling those log files. That sounds like a pretty simple answer, but I'm not a fan of making things more complicated than they need to be. I don't believe that tearing through log files ad infinitum is the right answer.

The last suggestion I'd make is to roll the logs frequently. Combing through log files is manual, non-leverageable and not the best use of time. If logs are only kept for a certain period of time, then the possibility of a violation actually happening -- meaning you get caught -- is relatively small. Of course, the window has to be long enough so in the event of an incident there's enough data to appropriately contain and remediate the issue.

For more information:

In this SearchSecurity.com Q&A;, security expert Joel Dubin discusses the problems associated with storing void user IDs in an audit history.

Learn how to build a corporate culture of policy compliance.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary

This was first published in August 2007

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

Cloud Security
Security Channel
SMB Security
Financial Security
Security UK
Security AU
Security IN

Cloud Security
- The other cloud atlas: Building a cloud service provider inventory
  
  Struggling with rogue cloud usage? Ed Moyle explains how and why a cloud service provider inventory can help manage multiple cloud service providers.
- How to develop cloud applications based on Web app security lessons
  
  Expert Dave Shackleford details how to build cloud applications based on typical Web app security flaws and cloud provider tools and platforms.
- Report suggests cloud security concerns are overblown
  
  A study by Alert Logic downplays cloud security concerns when compared to traditional IT infrastructure, but indicates Web app attacks are a problem.
Security Channel
- Websense Partner Program
  
  Learn about bandwidth management vendor Websense's partner program in this standardized checklist.
- Tripwire, Inc. Partner Program
  
  Learn more about configuration control software vendor Tripwire, Inc.'s partner program in this standardized checklist.
- Configuring privilege levels
  
  This section of the chapter excerpt focuses on supporting multiple administrative levels of router configuration.
searchMidmarketSecurity
- Windows Phone 7 security: Assessing WP7 security features
  
  Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.
- Choosing the best security certifications for your career
  
  Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
- Midmarket security tutorials
  
  SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.
searchFinancialSecurity
- Cybergang plans to use Trojan against U.S. banks
  
  A cybergang in Eastern Europe revealed plans to attack U.S. banks with a Gozi-like Trojan, according to RSA.
- Improved Shylock Trojan targets banking users
  
  The latest variant of the banking Trojan is causing numerous problems, Symantec said.
- Tilon financial malware targets banks via MitB attack, Trusteer finds
  
  Tilon is related to the Silon malware detected in 2009. It uses a man-in-the-browser attack to capture form submissions and steal credentials.
Security UK
- Infosecurity 2012: IPv6 challenges to network security
  
  In this video interview, Ian Kilpatrick of Wick Hill discusses the IPv6 challenges that small and medium businesses are just beginning to address.
- Apache DDoS vulnerability requires immediate update to avoid threat
  
  Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild.
- Learn how to utilize a free spam-filtering service for your SMB
  
  Learn how a Web-based free spam-filtering service can secure email and prevent spam from attacking your enterprise.
searchSecurityAU
- Two 'critical' bulletins planned for April 2013 Patch Tuesday
  
  Microsoft plans to issue nine bulletins for its April 2013 Patch Tuesday release, including two "critical" fixes for Internet Explorer and Windows iterations.
- How to develop cloud applications based on Web app security lessons
  
  Expert Dave Shackleford details how to build cloud applications based on typical Web app security flaws and cloud provider tools and platforms.
- Assumption of breach: How a new mindset can help protect critical data
  
  By adopting the assumption-of-breach security model, CISOs and security pros can better protect critical data. Expert Ernie Hayden explains.
Information Security
- IT pros must be responsible for cloud data security needs
  
  Although IT cedes some control by using public cloud, cloud data security ultimately falls on the organization -- not the vendor.
- Assumption of breach: How a new mindset can help protect critical data
  
  By adopting the assumption-of-breach security model, CISOs and security pros can better protect critical data. Expert Ernie Hayden explains.
- Research highlights speed, frequency of ICS security attacks
  
  A new Trend Micro study using honeypots for research highlights an alarming number and variety of attempted ICS security breaches.

All Rights Reserved,Copyright 2000 - 2013, TechTarget