Abstract
As the record keepers of system and network user activity, system log files play an extremely important role in detecting intrusions early, recovering systems, compiling statistics on system resource usage, and providing electronic evidence for combating computer crime. It is therefore especially important to protect system logs from being modified or deleted by internal users or external intruders. However, system log security is often overlooked when network information security policies are drawn up, and a reasonably sound method of system log security management has, for the most part, not yet taken shape. This paper discusses the centralized, unified management of the various kinds of system log files, proposes a method for processing and analysing log files and protecting their integrity cryptographically, and finally presents corresponding log management policies.
Source
Computer Engineering & Science (《计算机工程与科学》)
CSCD
2003, Issue 3, pp. 44-47 (4 pages)
Funding
Project supported by the National 863 Program (2001AA147010)