Q

How to prevent audit-logging system from storing passwords?

In this SearchSecurity.com Q&A, security pro Mike Rothman discusses several ways to prevent your audit systems from storing passwords or other personal information.

This Content Component encountered an error
By policy mandates, my agency does not want our audit-logging system to store passwords or email message bodies. My fear is if a server isn't configured properly, it could do just that. Do you recommend combing through the active log file and removing any entries that violate policy, or should we simply accept that these violations will occur?
The answer to this question is both. The reality is some personal information and email will be logged. Whether it's a server configuration error, a user mistake or a design "feature." If an agency is going to aggressively log network and system activity, this kind of thing is going to happen.

So first, I'd question whether the "policy mandate" is realistic. If that's one of those "non-negotiable" types of policies, then the best bet is to work on configuring the organization's applications, servers and networks to prevent these kinds of issues. At first, it will be necessary to comb through the logs to figure out how and when sensitive data is captured, and then either fix the offending server, or stop pulling those log...

files. That sounds like a pretty simple answer, but I'm not a fan of making things more complicated than they need to be. I don't believe that tearing through log files ad infinitum is the right answer.

The last suggestion I'd make is to roll the logs frequently. Combing through log files is manual, non-leverageable and not the best use of time. If logs are only kept for a certain period of time, then the possibility of a violation actually happening -- meaning you get caught -- is relatively small. Of course, the window has to be long enough so in the event of an incident there's enough data to appropriately contain and remediate the issue.

For more information:

  • In this SearchSecurity.com Q&A, security expert Joel Dubin discusses the problems associated with storing void user IDs in an audit history.
  • Learn how to build a corporate culture of policy compliance.
  • This was first published in August 2007

    Dig deeper on Data Privacy and Protection

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close