Encrypting local syslog traffic?
News category: Linux Tips
Source: reddit.com
Security audit team is citing us for not encrypting logs for our local traffic, which resides behind a firewall sitting in an isolated network behind another firewall. We are using Graylog and they are saying we need to set it up to use TCP+TLS which is obviously doable but I'm trying to figure out why. To me this is a non-issue and they are just citing AU-09 of NIST 800-53 as a reason:
"AU-09: The information system protects audit information and audit tools from unauthorized access, modification, and deletion"
I've always read that control as referring to data at rest on the system, since it references tools as well. But they said that MP-2 is for that. Does anyone actively do this in their corp environments and can provide a justifiable reason? It's silly and cumbersome to me if the logs are not going out of network, and if someone is actively sniffing all the logs they have popped the log server or a system on its VLAN and we have WAAAAAAY bigger issues than them sniffing out a few logs.
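For reference, this is an added example (not from the original post) of what the TCP+TLS forwarding the auditors ask for looks like on the sending side, using rsyslog's gtls driver pointed at a Graylog Syslog TCP input with TLS enabled; the hostname, port and certificate paths are assumptions.

```rsyslog
# Added example, not from the original post: rsyslog client forwarding to a
# Graylog "Syslog TCP" input that has TLS enabled. Hostname, port and file
# paths are assumed values; replace them with your own.

# Trust anchor used to verify the Graylog server certificate, plus the client
# certificate and key presented if the Graylog input requires client auth.
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/client-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/client-key.pem"
)

# Forward all messages over TCP with TLS. AuthMode "x509/name" makes rsyslog
# check that the server certificate chains to the CA above and that its name
# matches PermittedPeers, so a box that merely sits on the same VLAN cannot
# pose as the log server. "anon" would encrypt but not authenticate.
action(
    type="omfwd"
    # assumed hostname of the Graylog node
    target="graylog.internal.example"
    # assumed port; must match the port configured on the Graylog input
    port="6514"
    protocol="tcp"
    StreamDriver="gtls"
    # 1 = TLS only, 0 = plaintext
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="graylog.internal.example"
    # disk-assisted queue so logs are buffered locally, not lost, if the
    # server or the TLS handshake is unavailable
    queue.type="LinkedList"
    queue.filename="fwd_graylog"
    action.resumeRetryCount="-1"
)
```

On the Graylog side the matching Syslog TCP input needs TLS enabled with its certificate and key set, and its TLS client authentication set to "required" with the same CA if you want the server to reject senders that lack a client certificate.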