Home > Ask the Security Experts > Network Security Questions & Answers > Should log traffic be encrypted?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Should log traffic be encrypted?

Mike Chapple EXPERT RESPONSE FROM: Mike Chapple

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 16 November 2006
How much effort should be put toward encrypting security log transmissions to protect data confidentiality? We're concerned about the overhead that encryption may impose on our systems.

>
EXPERT RESPONSE
Your question gets the honor of receiving my favorite answer to security questions: It depends! There really isn't a cut-and-dry answer to whether encryption should be used for log traffic (or any other traffic, for that matter). You need to ask yourself a few questions:

  • What data is contained in the log files?
  • Do they contain confidential information?
  • Do they contain data that would assist someone attempting to compromise your system?
  • Where is the transmission taking place? Is it on a secured internal network, or are the logs being sent over a public network?

    • If you're dealing with extremely confidential logs or ones that traverse public networks, encryption is most likely worth the expense. Otherwise, it may not be necessary.

    More information:

  • Look before leaping into database encryption.
  • Take the pain out of log analysis.


    • Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Network Security
    What warning signs will indicate the presence of a P2P botnet?
    What reporting tools are available for an enterprise IDS?
    Is it possible to allow select access to IP addresses using Windows Server 2003?
    Is an IPsec VPN necessary when connecting remote servers that process financial transactions?
    What are best practices for creating an IDS and maintaining a signature database?
    What are the best ways to hide system information from network scanning software?
    What are the security risks of opening all the ports on an internal router?
    Will Cisco's plan to open access to the IOS improve network security?
    Will VoIP attacks result in more than just spam?
    Should enterprises implement a mandatory iPhone VPN?

    Disk Encryption and File Encryption
    Encryption no longer an optional technology
    Oracle DBAs cite lack of security measures
    IBM offers hardware-based encryption for x servers
    Crypto landmark Bletchley Park in danger of closing
    What does the future of the endpoint encryption market look like?
    PCI DSS 1.2 clarifies wireless, antivirus use
    Sophos to acquire mobile data protection company Utimaco
    How can 'DRAM remanence' compromise encryption keys?
    Growing Mac use prompts call for better security
    Websense, Reconnex top Forrester ranking of DLP vendors

    Identity Theft and Data Security Breaches
    Verizon breach study identifies industry specific threats
    Encryption no longer an optional technology
    Hackers can target embedded smart card chips
    Forever 21 security breach compromises nearly 99,000 payment cards
    PCI is about eliminating data, not securing it, former QSA says.
    Web security threats gaining attention at many companies
    Data breach discovery, disclosure outpaces 2007
    Quiz: Data loss prevention
    TJX hacking ring charged in federal indictment
    Security data lapses hamper researchers

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    Advanced Encryption Standard  (SearchSecurity.com)
    data key  (SearchSecurity.com)
    Encrypting File System  (SearchSecurity.com)
    Escrowed Encryption Standard  (SearchSecurity.com)
    International Data Encryption Algorithm  (SearchSecurity.com)
    network encryption  (SearchSecurity.com)
    output feedback  (SearchSecurity.com)
    quantum cryptography  (SearchSecurity.com)
    Quiz: Cryptography  (SearchSecurity.com)
    Rijndael  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts