
Wednesday, July 30, 2008

Bace: Ch 1--History of Intrusion Detection

I understand that just as the basis of intrusion response is intrusion detection, the basis of intrusion detection is audit. She defines audit as the process of generating, recording, and reviewing a chronological record of system events (page 7). The Tan Book states that one of the goals of an audit mechanism is to provide assurance that attempts to bypass the system will be recorded and discovered. This made me think again of my idea to have duplicate logs on multiple systems, as many systems as the security administrator can get his hands on. I'm thinking that it wouldn't be too much trouble to send logs to about half a dozen systems, and an intruder would be hard pressed to delete logs from all of them. At the very least it would take a lot of time. But could the mechanism that facilitates sending the logs itself make the recipients vulnerable to attack?
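The multi-host replication idea above, worked through as an added example (not from Bace's book or this post): a reconciliation check that compares the copies of an audit trail held on several log hosts and flags any host whose copy lacks entries the majority recorded, which is how a single tampered collector would surface. The host names and log lines are constructed sample data.

```python
from collections import Counter

# Constructed sample: one audit stream as stored on four independent log
# hosts. Each line is "<seq> <event>". hostC lacks sequence 3, as it would
# if an intruder reached that host alone and removed the entry.
REPLICAS = {
    "hostA": ["1 login root", "2 sudo vi /etc/passwd", "3 useradd x", "4 logout"],
    "hostB": ["1 login root", "2 sudo vi /etc/passwd", "3 useradd x", "4 logout"],
    "hostC": ["1 login root", "2 sudo vi /etc/passwd", "4 logout"],
    "hostD": ["1 login root", "2 sudo vi /etc/passwd", "3 useradd x", "4 logout"],
}


def reconcile(replicas, quorum=None):
    """Compare copies of an audit trail held on several hosts.

    An entry is treated as genuine when at least `quorum` hosts hold it
    (default: a strict majority). Returns {host: [missing entries]} for
    every host whose copy lacks a genuine entry, so one compromised
    collector shows up as the odd one out instead of silently losing data.
    """
    if quorum is None:
        quorum = len(replicas) // 2 + 1
    seen = Counter()
    for lines in replicas.values():
        seen.update(set(lines))  # count each entry once per host
    genuine = {entry for entry, n in seen.items() if n >= quorum}
    missing = {}
    for host, lines in replicas.items():
        gap = sorted(genuine - set(lines), key=lambda e: int(e.split()[0]))
        if gap:
            missing[host] = gap
    return missing


if __name__ == "__main__":
    for host, gap in reconcile(REPLICAS).items():
        print(f"{host} is missing: {gap}")
```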

Posted by threeRd at 12:40 PM
Categories: intrusion detection