Ask the Expert

How to prevent audit-logging system from storing passwords?

By policy mandates, my agency does not want our audit-logging system to store passwords or email message bodies. My fear is if a server isn't configured properly, it could do just that. Do you recommend combing through the active log file and removing any entries that violate policy, or should we simply accept that these violations will occur?


The answer to this question is both. The reality is some personal information and email will be logged, whether it's a server configuration error, a user mistake or a design "feature." If an agency is going to aggressively log network and system activity, this kind of thing is going to happen.

So first, I'd question whether the "policy mandate" is realistic. If that's one of those "non-negotiable" types of policies, then the best bet is to work on configuring the organization's applications, servers and networks to prevent these kinds of issues. At first, it will be necessary to comb through the logs to figure out how and when sensitive data is captured, and then either fix the offending server, or stop pulling those log files. That sounds like a pretty simple answer, but I'm not a fan of making things more complicated than they need to be. I don't believe that tearing through log files ad infinitum is the right answer.

The last suggestion I'd make is to roll the logs frequently. Combing through log files is manual, non-leverageable and not the best use of time. If logs are only kept for a certain period of time, then the possibility of a violation actually happening -- meaning you get caught -- is relatively small. Of course, the window has to be long enough so in the event of an incident there's enough data to appropriately contain and remediate the issue.
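The initial pass through the logs described in the answer can be scripted so that it reports which server and application are writing sensitive fields rather than cleaning entries one by one. The following is an added example, not code from the expert or the original page; the syslog-like line layout, host names, field names and patterns are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines, assumed layout: "<timestamp> <host> <app>: <message>".
SAMPLE_LOG = """\
2007-08-01T10:00:01 web01 httpd: GET /login?user=alice&password=Hunter2 200
2007-08-01T10:00:05 web02 httpd: GET /index.html 200
2007-08-01T10:01:12 mail01 smtpd: DATA from=<bob@example.org> body="Quarterly numbers attached"
2007-08-01T10:02:30 web01 httpd: POST /api/session passwd=s3cret 302
2007-08-01T10:03:00 db01 authd: login ok user=carol
"""

# Assumed patterns; tune them to the field names your applications really emit.
RULES = {
    "password": re.compile(r"(?i)\b(pass(?:word|wd)?|pwd)\s*[=:]\s*\S+"),
    "mail_body": re.compile(r"(?i)\bbody\s*=\s*\"[^\"]*\""),
}
LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<app>[^:\s]+):\s(?P<msg>.*)$")

def find_offenders(log_text):
    """Return {(host, app): {rule: [timestamps]}} without copying the secret itself."""
    hits = defaultdict(lambda: defaultdict(list))
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # unparseable lines are skipped here; count them in real use
        for rule, pattern in RULES.items():
            if pattern.search(m["msg"]):
                hits[(m["host"], m["app"])][rule].append(m["ts"])
    return {src: dict(rules) for src, rules in hits.items()}

def report(offenders):
    """One line per offending source: what leaked, how often, first and last seen."""
    out = []
    for (host, app), rules in sorted(offenders.items()):
        for rule, stamps in sorted(rules.items()):
            out.append(f"{host}/{app}: {rule} x{len(stamps)} "
                       f"first={min(stamps)} last={max(stamps)}")
    return out

if __name__ == "__main__":
    print("\n".join(report(find_offenders(SAMPLE_LOG))))
```

The report names the source to fix or stop collecting from and deliberately omits the matched value, so the audit output does not become a second copy of the password.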

For more information:

  • In this Q&A, security expert Joel Dubin discusses the problems associated with storing void user IDs in an audit history.
  • Learn how to build a corporate culture of policy compliance.

This was first published in August 2007.
