
Remotely monitoring security



I need to come up with some solutions for remotely monitoring the
security of a server which is off-site.  There is no direct connection
from the main office to this box except using the internet backbone.

I see two immediate issues:

1.  I need to set up some method for receiving system logs from the
server. I can set up syslog to send logs to one of our office computers.
However, I am concerned that the logs should be encrypted.  Maybe
setting up IPsec, or using stunnel?  Although I thought stunnel was
only for TCP connections, and syslog uses UDP?

2.  Also, I need to set up some intrusion detection system like AIDE or
Tripwire.  I don't have physical access to the machine, so how can I be
sure that the AIDE program has not itself been compromised and is thus
giving me a false sense of security?  I can't, for example, burn it to
CD-ROM and run it from CD.  Everything has to be done remotely.  Should I
look at LIDS instead?  Can IPsec help me with this too?  How can I run
the AIDE executable from a trusted source and ensure its database
remains trusted?  Maybe an encrypted filesystem can be used to store the
AIDE binary and database, but if so, does anyone have any pointers?

Regards.
Mark.
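Added example, not part of Mark's post or of any tool he names: stunnel carries only TCP, so one way to get UDP syslog into it is a small relay on the off-site box that listens on loopback for the datagrams, frames them for a byte stream, and writes them to a local port where stunnel runs in client mode (an stunnel section with `client = yes`, `accept = 127.0.0.1:6514`, `connect = <office>:6514`, plus `CAfile` and `verify = 2` so the collector's certificate is actually checked). Every address, port and file name below is an assumption for illustration.

```python
"""Added example (not from the original post): a loopback UDP-to-TCP
syslog relay so that stunnel, which only carries TCP, can wrap syslog.

Flow (all addresses and ports are assumptions for illustration):
  local syslogd  --UDP-->  127.0.0.1:1514 (this relay)
  this relay     --TCP-->  127.0.0.1:6514 (stunnel, client = yes)
  stunnel        --TLS-->  office collector
Each datagram is wrapped in RFC 6587 octet-counting framing so record
boundaries survive the byte stream.
"""
import re
import socket
from typing import List, Tuple

# A syslog message starts with a PRI field "<N>", N = facility*8 + severity,
# so the largest legal value is 23*8 + 7 = 191.
SYSLOG_PRI_RE = re.compile(rb"^<(\d{1,3})>")


def is_valid_syslog(msg: bytes) -> bool:
    """True if the datagram carries a syntactically valid PRI header."""
    m = SYSLOG_PRI_RE.match(msg)
    return m is not None and int(m.group(1)) <= 191


def frame_message(msg: bytes) -> bytes:
    """Octet-counting framing: b'<len> <msg>' (RFC 6587 section 3.4.1)."""
    msg = msg.rstrip(b"\r\n")  # the length prefix delimits records, not newlines
    return b"%d %s" % (len(msg), msg)


def unframe_stream(data: bytes) -> Tuple[List[bytes], bytes]:
    """Receiver side: split a TCP byte stream into complete records.

    Returns (records, leftover); leftover is a partial record to be
    prepended to the next read. Raises ValueError if the stream does not
    look octet-counted, since silently resyncing could hide tampering.
    """
    records = []
    while data:
        sep = data.find(b" ")
        prefix = data if sep < 0 else data[:sep]
        if not prefix.isdigit():
            raise ValueError("stream is not octet-counted syslog framing")
        if sep < 0:
            break  # length prefix not yet complete
        length = int(prefix)
        start = sep + 1
        if len(data) < start + length:
            break  # record body not yet complete
        records.append(data[start:start + length])
        data = data[start + length:]
    return records, data


def relay(udp_bind=("127.0.0.1", 1514), tcp_target=("127.0.0.1", 6514)):
    """Forward every valid datagram arriving on udp_bind to tcp_target.

    Bind only to loopback: the relay itself is plaintext and must not
    become an open syslog sink. A broken TCP connection is re-opened once
    per message; if that also fails the message is dropped (a disk-backed
    queue would be needed to guarantee delivery).
    """
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(udp_bind)
    tcp = None
    while True:
        msg, _ = udp.recvfrom(65535)
        if not is_valid_syslog(msg):
            continue  # not syslog; do not forward junk into the trusted channel
        for _attempt in range(2):
            try:
                if tcp is None:
                    tcp = socket.create_connection(tcp_target, timeout=10)
                tcp.sendall(frame_message(msg))
                break
            except OSError:
                if tcp is not None:
                    tcp.close()
                tcp = None  # reconnect once, then give up on this message


if __name__ == "__main__":
    relay()
```

On the office side, the collector behind stunnel's server end reads the TCP stream with `unframe_stream` and keeps the leftover between reads. Note what this does and does not buy: the TLS hop protects the logs in transit and, with `verify = 2`, stops a spoofed collector; it does nothing about logs that an intruder on the box suppresses before syslogd ever emits them.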


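Added example for the second question, again not from the post or from AIDE itself: the reference copies of the AIDE binary and of aide.db (taken right after installation and `aide --init`) stay at the office, and before each remote run the current files are fetched from the box (over scp, say; the transfer is not shown) and compared here, where nobody on the monitored host can rewrite the reference. File names, the manifest layout and the sample bytes are assumptions.

```python
"""Added example (not from the original post): office-side integrity
check for the AIDE binary and database fetched from the remote box.

The manifest of known-good digests is built once at the office from the
trusted copies and never stored on the monitored host. Every name and
sample value here is an assumption for illustration.
"""
import hashlib
import hmac
from typing import Dict

HASH = "sha256"


def digest(data: bytes) -> str:
    return hashlib.new(HASH, data).hexdigest()


def digest_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks; aide.db can be large."""
    h = hashlib.new(HASH)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Known-good digests {name: hexdigest}, kept at the office."""
    return {name: digest(data) for name, data in files.items()}


def digests_of_bytes(files: Dict[str, bytes]) -> Dict[str, str]:
    return {name: digest(data) for name, data in files.items()}


def digests_of_paths(paths: Dict[str, str]) -> Dict[str, str]:
    """Same, for fetched files on disk: {name: local path}."""
    return {name: digest_file(path) for name, path in paths.items()}


def check(manifest: Dict[str, str], actual: Dict[str, str]) -> Dict[str, str]:
    """Compare fetched digests to the manifest.

    Returns {name: 'ok' | 'modified' | 'missing'}; a missing file is as
    suspicious as a modified one (a deleted or renamed aide binary).
    """
    result = {}
    for name, expected in manifest.items():
        if name not in actual:
            result[name] = "missing"
        elif hmac.compare_digest(actual[name], expected):
            result[name] = "ok"
        else:
            result[name] = "modified"
    return result


def all_trusted(report: Dict[str, str]) -> bool:
    """Only run the remote `aide --check` if every file is intact."""
    return bool(report) and all(v == "ok" for v in report.values())


if __name__ == "__main__":
    # Constructed stand-in contents; real use hashes the actual files.
    reference = {"aide": b"trusted aide binary", "aide.db": b"trusted database"}
    manifest = build_manifest(reference)
    fetched = {"aide": b"trusted aide binary", "aide.db": b"tampered database"}
    report = check(manifest, digests_of_bytes(fetched))
    print(report, "proceed" if all_trusted(report) else "STOP")
```

Re-run `build_manifest` whenever the database is legitimately regenerated, and do that from the office copy so the new reference never depends on the box's own word. What this cannot do: if the kernel itself has been modified, it can serve clean bytes to the fetch while running something else locally, so this check narrows the trust problem rather than removing it.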
