[IDS] Hardcopy device logging doc

Brian Smithson brian.smithson at ricoh-usa.com
Mon Jun 7 21:56:05 UTC 2010


Good work, it will be interesting to discuss.

One thing to add to the "regulatory" heap is ISO 27001. Although it is
not itself a regulation, it is a fairly widely used standard for security
management. It has controls for audit logging and protection of logs. It
says that audit logs should include, when relevant:
> a) user IDs;
> b) dates, times, and details of key events, e.g. log-on and log-off;
> c) terminal identity or location if possible;
> d) records of successful and rejected system access attempts;
> e) records of successful and rejected data and other resource access attempts;
> f) changes to system configuration;
> g) use of privileges;
> h) use of system utilities and applications;
> i) files accessed and the kind of access;
> j) network addresses and protocols;
> k) alarms raised by the access control system;
> l) activation and de-activation of protection systems, such as anti-virus systems and intrusion detection systems.
For protection, it focuses on integrity, not confidentiality:
> a) alterations to the message types that are recorded;
> b) log files being edited or deleted;
> c) storage capacity of the log file media being exceeded, resulting in either the failure to record events or over-writing of past recorded events.

Brian Smithson
PM, Security Research
Advanced Imaging and Network Technologies
Ricoh Americas Corporation

Randy Turner wrote:
> Hi All,
> I had an action item (one of many I understand) to generate some thoughts on my earlier proposal for work on a common log format for hardcopy devices.  Attached is a PDF doc with a brain-dump of what I'm thinking at the moment on this topic.
> Let me know what you think.
> If any of the security-related aspects of this doc intersect or overlap with what is documented in any of the p2600 work, please let me know.
> Thanks!
> Randy
