How to prevent audit-logging system from storing passwords?

In this SearchSecurity.com Q&A, security pro Mike Rothman discusses several ways to prevent your audit systems from storing passwords or other personal information.

By policy mandates, my agency does not want our audit-logging system to store passwords or email message bodies. My fear is if a server isn't configured properly, it could do just that. Do you recommend combing through the active log file and removing any entries that violate policy, or should we simply accept that these violations will occur?

The answer to this question is both. The reality is some personal information and email will be logged, whether it's a server configuration error, a user mistake or a design "feature." If an agency is going to aggressively log network and system activity, this kind of thing is going to happen.

So first, I'd question whether the "policy mandate" is realistic. If that's one of those "non-negotiable" types of policies, then the best bet is to work on configuring the organization's applications, servers and networks to prevent these kinds of issues. At first, it will be necessary to comb through the logs to figure out how and when sensitive data is captured, and then either fix the offending server, or stop pulling those log files. That sounds like a pretty simple answer, but I'm not a fan of making things more complicated than they need to be. I don't believe that tearing through log files ad infinitum is the right answer.

The last suggestion I'd make is to roll the logs frequently. Combing through log files is manual, non-leverageable and not the best use of time. If logs are only kept for a certain period of time, then the possibility of a violation actually happening -- meaning you get caught -- is relatively small. Of course, the window has to be long enough so in the event of an incident there's enough data to appropriately contain and remediate the issue.
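The initial log review described above, as an added example that is not from the original article or its author: it assumes syslog-style lines of the form `timestamp host app: message`, and the rule names and the `body=` field are hypothetical. It reports which host and application produced each hit, without copying the sensitive value into the report.

```python
import re
from collections import Counter

# Assumed line layout (syslog-like): "<timestamp> <host> <app>: <message>"
LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<app>[^:\s]+): (?P<msg>.*)$")

# Hypothetical rules; extend them to match what your own applications emit.
RULES = {
    "password_field": re.compile(
        r"(?i)\b(pass(?:word|wd)?|pwd)\b(\s*[=:]\s*)(\"[^\"]*\"|'[^']*'|[^\s&;,]+)"),
    "basic_auth": re.compile(r"(?i)\b(authorization)(:\s*basic\s+)([A-Za-z0-9+/=]+)"),
    "mail_body": re.compile(r"(?i)\b(body)(\s*=\s*)(\"[^\"]*\"|\S+)"),
}

def scan(lines):
    """Return (line_no, host, app, rule) per hit; the matched value is never kept."""
    findings = []
    for no, raw in enumerate(lines, 1):
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue  # unparsed lines are skipped here; count them in real use
        for rule, rx in RULES.items():
            if rx.search(m["msg"]):
                findings.append((no, m["host"], m["app"], rule))
    return findings

def offenders(findings):
    """Count hits per (host, app, rule) to show which server or application to fix."""
    return Counter((host, app, rule) for _, host, app, rule in findings)

def redact(line):
    """Mask matched values so a reviewed copy of the line does not repeat the secret."""
    for rx in RULES.values():
        line = rx.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", line)
    return line

# Constructed sample input, not taken from any real system.
SAMPLE = [
    "2007-08-01T10:00:01Z web01 authd: login failed user=alice password=hunter2",
    "2007-08-01T10:00:02Z web01 authd: login ok user=bob",
    "2007-08-01T10:00:03Z proxy02 httpd: GET /api Authorization: Basic YWxpY2U6aHVudGVyMg==",
    "2007-08-01T10:00:04Z mail03 smtpd: queued id=4F2 body=\"quarterly numbers attached\"",
    "2007-08-01T10:00:05Z web01 authd: password=\"two words\" rejected",
]

if __name__ == "__main__":
    for key, n in offenders(scan(SAMPLE)).most_common():
        print(n, *key)
```

The per-source counts point at the configuration to fix or the feed to stop collecting; `redact` is for any copy of a line that has to be kept for the review itself.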

For more information:

  • In this SearchSecurity.com Q&A, security expert Joel Dubin discusses the problems associated with storing void user IDs in an audit history.
  • Learn how to build a corporate culture of policy compliance.

This was last published in August 2007