47th IETF - Adelaide Chris Lonvick


1 Syslog BoF
47th IETF - Adelaide
Chris Lonvick, clonvick@cisco.com

2 Agenda
Agenda bashing
Introduction and Level Setting - 30 minutes
  Definition, Use and History
  Perceived Weaknesses
Goals of a Secure Syslog Working Group - 20 minutes
  Proposed Charter and Subsequent Bashing
  Proposed Deliverables, Timetable and Subsequent Bashing

3 Syslog Use
Event Notification from:
  Common OS devices (e.g. Unix, Linux, NT, etc.) and their applications
  Routers
  Switches
  Firewalls
  Printers
  Thin clients

4 Generally Accepted Syslog Packet Contents
Facility & Severity (required)
Time (usual)
Message (required)

5 Syslog Protocol
UDP/514
Stateless between the "Client" and "Server"
No authentication of the sender, nor reciprocal authentication of the receiver
No acknowledgement of receipt
No coordinated timestamping
No standardized (or even suggested) message content or format
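The following is an added example, not part of the BoF slides: it encodes and decodes the de facto BSD syslog datagram (PRI, timestamp, hostname, message) as observed on UDP/514, and shows why the "no authentication" point above matters. The sample messages are constructed for the example; the facility names and the 1024-byte limit are the conventional values, and the handling of a message without a PRI is an assumption for this example.

```python
# Added example (not from the BoF slides): the de facto BSD syslog datagram
# as sent on UDP/514, and why any host can forge one.
import re

# Conventional facility and severity codes; PRI = facility * 8 + severity.
FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    16: "local0", 17: "local1", 18: "local2", 19: "local3",
    20: "local4", 21: "local5", 22: "local6", 23: "local7",
}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MAX_DATAGRAM = 1024  # conventional upper bound on one syslog message


def encode_pri(facility: int, severity: int) -> int:
    """PRI is the only structured field in the whole packet."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23 and severity 0..7")
    return facility * 8 + severity


def build_datagram(facility: int, severity: int, timestamp: str,
                   hostname: str, msg: str) -> bytes:
    """<PRI>TIMESTAMP HOSTNAME MSG, the shape most syslogds emit and accept.
    TIMESTAMP is 'Mmm dd hh:mm:ss' with a space-padded day: no year, no zone,
    and set by whatever clock the sender happens to have."""
    data = f"<{encode_pri(facility, severity)}>{timestamp} {hostname} {msg}".encode("ascii")
    if len(data) > MAX_DATAGRAM:
        raise ValueError("datagram exceeds %d bytes" % MAX_DATAGRAM)
    return data


_DGRAM_RE = re.compile(
    rb"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)


def parse_datagram(data: bytes) -> dict:
    """Decode a datagram the way a receiver does. Note what is absent: nothing
    in the packet proves who sent it; HOSTNAME is a string the sender chose."""
    m = _DGRAM_RE.match(data)
    if not m:
        # Assumption for this example: an unparseable message is kept verbatim
        # and filed as user.notice rather than dropped.
        return {"facility": "user", "severity": "notice", "timestamp": None,
                "hostname": None, "msg": data.decode("ascii", "replace"),
                "well_formed": False}
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range")
    return {
        "facility": FACILITIES.get(pri // 8, "facility%d" % (pri // 8)),
        "severity": SEVERITIES[pri % 8],
        "timestamp": m.group(2).decode(),
        "hostname": m.group(3).decode(),
        "msg": m.group(4).decode(),
        "well_formed": True,
    }


# Constructed sample messages. GENUINE is what the firewall 'fw1' would send;
# FORGED is what an attacker on any other machine can emit while claiming to
# be 'fw1'. The receiver parses both identically and cannot tell them apart.
GENUINE = build_datagram(4, 2, "Mar  1 10:15:22", "fw1",
                         "login failure for root from 10.0.0.7")
FORGED = build_datagram(4, 6, "Mar  1 10:15:23", "fw1",
                        "login succeeded for root from 10.0.0.7")

if __name__ == "__main__":
    for d in (GENUINE, FORGED):
        print(d.decode(), "->", parse_datagram(d))
```

Run it and compare the two parsed records: the source address of the UDP packet is the only hint a receiver has, and that is as easy to spoof as the hostname string.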

6 Syslog Protocol Potential Vulnerabilities (1)
An attacker may transmit messages (either from the machine that the messages purport to be sent from, or from any other machine) to a server to:
  fill the disk or otherwise overwhelm the server
  hide the true nature of an attack amidst many other messages
  give false indications of events

7 Syslog Protocol Potential Vulnerabilities (2)
An attacker may disable syslog message transmissions from a device to hide an attack on, or the compromise of, the device

8 Syslog Protocol Potential Vulnerabilities (3)
An attacker may view, delete, modify, or redirect syslog messages while in transit to:
  hide activities
  modify event times
  insert fictitious events
  determine the status of a machine/application

9 syslog References in RFCs
RFC 1060/1340/1700 Assigned Numbers - J.K. Reynolds, J. Postel
RFC 1244/2196 Site Security Handbook - J.P. Holbrook, J.K. Reynolds / B. Fraser
RFC Common DNS Operational and Configuration Errors - D. Barr
RFC Classical versus Transparent IP Proxies - M. Chatel
RFC Router Renumbering Guide - H. Berkowitz
RFC Network Security For Trade Shows - A. Gwinn
RFC Review of Roaming Implementations - B. Aboba, J. Lu, J. Alsop, J. Ding, W. Wang
RFC DOCSIS Cable Device MIB: Cable Device Management Information Base for DOCSIS compliant Cable Modems and Cable Modem Termination Systems - M. St. Johns, Ed.

10 Solvable Problems
Message Authentication
Message Integrity
Feedback mechanism for verifiable receipt
Confidentiality may be delivered through SSL/TLS or IPSec

11 Solution Requirements
Focus on the protocol
Message content is outside the scope of this charter
Deployment must not interrupt the existing mechanism

12 Goals of a Secure Syslog Working Group
Proposed WG Charter

13 Description
Syslog is a de facto standard for logging system events. However, the protocol component of this event logging system has not been formally documented. While the protocol has been very useful and scalable, it has some known but undocumented security problems. For instance, the messages are unauthenticated and there is no mechanism to provide verified delivery and message integrity.

The goal of this working group is to document and address the security and integrity problems of the existing Syslog mechanism. In order to accomplish this task we will document the existing protocol. The working group will also explore and develop a standard to address the security problems. Message authentication can be addressed in well-known ways using shared secrets or public keys. Because an important component of any solution will be the ease of transition from the existing mechanism, we will initially explore the use of shared secrets within the existing protocol with the intent of not impacting non-participants. Verifiable delivery, message integrity and authentication can also be explored in a TCP-based message delivery protocol.
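The following is an added example, not part of the slides and not any IETF draft: it illustrates the charter's first direction, a shared secret used within the existing datagram without impacting non-participants, and the "feedback for verifiable receipt" and integrity points from the Solvable Problems slide. The tag layout (" [a1 seq=N mac=HEX]" appended to the message), the HMAC-SHA-256 truncation and the sample datagram are assumptions made for this example. A receiver that knows nothing about the scheme simply logs the message with the tag text at its end.

```python
# Added example (not from the slides or any IETF draft): a shared-secret
# authenticator carried inside an ordinary syslog datagram. Receivers that do
# not participate log the datagram unchanged; participating receivers verify
# the MAC, reject replays and notice gaps in the sequence numbers.
import hashlib
import hmac
import re

MAX_DATAGRAM = 1024
# Assumed tag layout appended to the end of MSG. Everything before the tag,
# including PRI, timestamp and hostname, is covered by the MAC.
_TAG_RE = re.compile(rb"^(.*) \[a1 seq=(\d+) mac=([0-9a-f]{32})\]$", re.S)


def _mac(key: bytes, seq: int, body: bytes) -> bytes:
    """HMAC-SHA-256 over 'seq|body', truncated to 128 bits (an assumption)."""
    return hmac.new(key, b"%d|" % seq + body, hashlib.sha256).digest()[:16]


def sign(datagram: bytes, key: bytes, seq: int) -> bytes:
    """Sender side: append the tag. seq must increase by one per message."""
    tag = _mac(key, seq, datagram).hex().encode("ascii")
    signed = datagram + b" [a1 seq=%d mac=%s]" % (seq, tag)
    if len(signed) > MAX_DATAGRAM:
        raise ValueError("signed datagram exceeds %d bytes" % MAX_DATAGRAM)
    return signed


class Verifier:
    """Receiver-side state for one sender: its key and the highest accepted seq."""

    def __init__(self, key: bytes, last_seq: int = 0):
        self.key = key
        self.last_seq = last_seq

    def verify(self, datagram: bytes) -> dict:
        """Return status, the authenticated body, and how many messages were
        missing before this one (lost in transit, or suppressed by an attacker
        as on the 'Potential Vulnerabilities (2)' slide)."""
        m = _TAG_RE.match(datagram)
        if not m:
            # A non-participating sender, or an attacker who stripped the tag.
            return {"status": "unsigned", "body": datagram, "missing": 0}
        body, seq, mac_hex = m.group(1), int(m.group(2)), m.group(3)
        expected = _mac(self.key, seq, body).hex().encode("ascii")
        # Check the MAC before consulting sequence state, so unauthenticated
        # input cannot probe or disturb that state.
        if not hmac.compare_digest(expected, mac_hex):
            return {"status": "bad-mac", "body": body, "missing": 0}
        if seq <= self.last_seq:
            return {"status": "replay", "body": body, "missing": 0}
        missing = seq - self.last_seq - 1
        self.last_seq = seq
        return {"status": "ok", "body": body, "missing": missing}


# Constructed sample: the same kind of datagram a firewall would send today.
SHARED_KEY = b"example-shared-secret"
BASE = b"<34>Mar  1 10:15:22 fw1 login failure for root from 10.0.0.7"

if __name__ == "__main__":
    v = Verifier(SHARED_KEY)
    first = sign(BASE, SHARED_KEY, 1)
    print(first.decode())                      # what every receiver logs
    print(v.verify(first))                     # ok
    print(v.verify(first))                     # replay
    print(v.verify(first.replace(b"failure", b"success")))  # bad-mac
    print(v.verify(sign(BASE, SHARED_KEY, 3)))  # ok, missing=1
```

The sequence number gives a participating receiver a cheap form of the "verifiable receipt" feedback: it cannot acknowledge over UDP, but it can tell that message 2 never arrived. A full acknowledgement path is what the charter defers to a TCP-based delivery protocol.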

14 Goals and Milestones
May: Post as an Internet Draft the observed behavior of the Syslog protocol for consideration as a Standards Track RFC.
Jul: Post as an Internet Draft the specification for an authenticated Syslog for consideration as a Standards Track RFC.
Aug: Post as an Internet Draft the specification for an authenticated Syslog with verifiable delivery and message integrity for consideration as a Standards Track RFC.
Dec: Revise drafts as necessary and advance these Internet Drafts to Standards Track RFCs.

