ZDNet UK


Companies trip up on log tests

Peter Judge ZDNet.co.uk

Published: 13 Nov 2002 15:48 GMT


In the event of a security breach, the vast majority of companies would find that the logfiles their systems keep are not good enough to nail the trouble, according to a European security testing firm.

"Twenty percent of companies are nearly there," said Roy Hills, technical director at NTA Monitor. "We've never found anyone who is doing it all completely right, but these people would probably make it through a crisis. The vast majority of companies don't have enough log information for an audit trail."

The company has carried out 1500 tests at customer premises, and found that the lack of logs would make it very difficult for the majority of them to respond to security scares, or abuse inside the company.

Most enterprise IT networks are made up of a variety of hardware and software products, each of which carries out logging in its own way. To provide an audit trail, companies should make sure that all the logs are turned on. The systems should also be time-synchronised, said Hills, so that IT managers can tie logs together, and prove that a dubious query on the SQL database must have come during a particular breach of the firewall, or when a suspect worker was online.
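
To illustrate why time synchronisation matters when tying logs together, here is an added example that is not part of the original article. It normalises two constructed logs to UTC and checks which SQL queries fall inside a firewall session. The log formats, the UTC+1 local time and the 7-minute clock error on the database server are all assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not from the article): a firewall that logs in UTC and
# a database server that logs local time (UTC+1) from a clock running 7 minutes fast.
FIREWALL_LOG = """\
2002-11-13T14:02:10Z ACCEPT src=203.0.113.7 dst=10.0.0.5 dport=1433 session=open
2002-11-13T14:05:40Z ACCEPT src=203.0.113.7 dst=10.0.0.5 dport=1433 session=close
"""
SQL_LOG = """\
13/11/2002 15:10:55 user=app query="SELECT * FROM customers"
13/11/2002 15:31:02 user=app query="SELECT name FROM products"
"""

def parse_firewall(text):
    """Return (utc_time, rest_of_line) pairs; timestamps are ISO 8601 UTC."""
    out = []
    for line in text.splitlines():
        stamp, _, rest = line.partition(" ")
        t = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        out.append((t, rest))
    return out

def parse_sql(text, utc_offset, clock_error=timedelta(0)):
    """Return (utc_time, rest_of_line) pairs, converting local time to UTC
    and subtracting a known clock error (positive means the clock runs fast)."""
    out = []
    for line in text.splitlines():
        stamp, rest = line[:19], line[20:]
        local = datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S")
        t = local.replace(tzinfo=timezone(utc_offset)) - clock_error
        out.append((t.astimezone(timezone.utc), rest))
    return out

def queries_in_session(fw_events, sql_events, slack=timedelta(seconds=5)):
    """Return SQL entries whose UTC time lies inside the firewall open/close window."""
    opened = next(t for t, rest in fw_events if "session=open" in rest)
    closed = next(t for t, rest in fw_events if "session=close" in rest)
    return [rest for t, rest in sql_events if opened - slack <= t <= closed + slack]

if __name__ == "__main__":
    fw = parse_firewall(FIREWALL_LOG)
    # With the unsynchronised clock taken at face value, nothing correlates.
    print(queries_in_session(fw, parse_sql(SQL_LOG, timedelta(hours=1))))
    # With the clock error removed, the first query lands inside the session.
    print(queries_in_session(fw, parse_sql(SQL_LOG, timedelta(hours=1), timedelta(minutes=7))))
```

In practice the clock error is rarely known after the fact, which is why the systems need to be synchronised before an incident rather than corrected during the investigation.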

Users are failing to log because they don't have time, or don't see the need, not because of the expense, said Hills: "Finance is no barrier to logging. Disk storage is dirt cheap, and time synchronisation is available for free on the Internet."

"Logs and audit trails are important to protect against legal action," said Nigel Miller, a partner at Fox Williams solicitors and president of the International Federation of Computer Law Associations. Current legislation makes users responsible for data protection violations carried out by hackers using their data, so being able to trace the source of any problems could be very useful in the long term.

