23 Mar
2004
23 Mar
'04
3:19 a.m.
On Wed, 24 Mar 2004 08:59, James Riden wrote:
Robert McDonald
writes: If such a law exists its rather pointless unless for defending false claims. If you were to get hacked/unauthorised access and need to provide evidence surely the offender would have removed that from the logs, or the logs alltogether. Therefor puting you in a position of breaking the law?
Or have I missed the point on keeping logs entirely.
Don't keep the logs on the same box(es) you're monitoring. Otherwise, as you say, you can't trust them in the event of a compromise.
A line printer kept in a locked room with lots and lots of fanfold paper. Seriously. Twink would be noticed even on casual inspection.