Corporate news

  • Significant increase in BalaBit 2008.08.25 01:37
  • Regulatory compliance and system logging 2008.08.01 05:08
    • A new whitepaper is available from our webpage.

      Operating systems, applications, and network devices generate text messages of various events that happen to them: a user logs in, a file is created, a network connection is opened to a remote host, etc. These messages, called log messages, are usually stored in a file on the local hard disk of the system.

      Log messages provide important information about the events of the network, the devices, and the applications running on these devices. The centralized processing of log messages can be used to detect security incidents and operational problems, and to prevent and detect other malicious or unauthorized activities. For these reasons, audits and regulations have strict requirements on the handling of log messages. Collecting and analyzing log messages is required directly or indirectly by several regulations, including the Sarbanes-Oxley Act (SOX), the Basel II Accord, the Health Insurance and Portability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI-DSS).

      The recently released whitepaper discusses the importance of centralized logging and the advantages of using syslog-ng Premium Edition to collect system log (syslog) and eventlog messages in compliance with regulations.
      Readers will learn the basics of system logging, the logging requirements of different regulations (PCI-DSS, COBIT 4.1, and HIPAA), and various product features that are useful when designing and implementing centralized logging systems.

      The document is recommended for technical experts and decision makers working on implementing centralized logging solutions, but anyone with basic networking knowledge can fully understand its contents.

  • op5 and BalaBit syslog-ng join forces for optimal log handling and traceability 2008.08.01 04:18
  • Zorp 3.3 2008.06.16 04:48
    • The last piece of the Zorp 3 series is finished

      The launch of series 3 has been the most important stage in the development of the Zorp firewall, which renewed network boundary protection. Whether one considers the inspection of encrypted channels, the integration of content filtering, or the auditing of administrative protocols, this Hungarian solution introduced numerous functions to the market that are now widespread all over the world.

      The recently released version 3.3 completes this Hungarian market-leading large-enterprise solution. The enhanced management interface, the extended audit capabilities and the new proxies secure the technological leadership of the Hungarian-developed firewall.

      BalaBit IT Security, whose headquarters are in Budapest, is planning to launch the next generation of Zorp, under the name of Zorp 4.0, by the end of 2009 or the beginning of 2010.

      Today nearly half a million users on five continents browse the Internet through Zorp technology.

      Read more about what is new: http://www.balabit.hu/dl/guides/zorp-gateway-v3.3-guide-whatsnew-hu.pdf

Security news

  • syslog-ng OSE 3.0 git tree published 2008.10.01 16:03
    • I could finally get my syslog-ng 3.0 OSE tree published at git.balabit.hu. No nightly snapshots yet and I still have to prepare a formal announcement to post on the mailing list, but for those I teased with functions from the 3.0 branch, here it comes.

      From the top of my head, OSE 3.0 supports:
      • TLS encrypted channels,
      • syslog message rewrite,
      • parse parts of the syslog message and use the parsed parts in macros
      • PCRE and glob filters (in addition to POSIX regexps),
      • support for the new IETF syslog protocols,
      • program sources,
      • new statistics framework that can be queried using UNIX domain sockets
      • etc.
      I just wanted to get the word out. Success/failure reports would be appreciated.
  • Is social network useful or harmful? 2008.09.09 10:26

    • Péter HÖLTZL - IT security consultant

      Experts have been claiming for years that central electronic state registers could leave citizens defenseless: our personality can be stolen, our acts can be traced, our thoughts can come to light. Nowadays, however, it is we ourselves who provide this information to everybody, of our own free will. A well-made online profile not only reveals our personality, philosophy of life, hobbies, family, friendships and workplace circumstances; in our blogs we also give such a detailed account of our everyday activities and thoughts that even the harshest dictatorship would never have dreamt of it.

      Social networking is today
  • Your password for a rubber bone! 2008.08.25 10:25

    • Attila Kiss - marketing manager

      While we pay too much attention to network security and data security problems, we often forget that technology is no longer as high a risk as the users themselves. Even if we have successfully introduced the best security systems, we cannot stop there, since we also have to train users actively so that they become more security conscious. In this article, we will talk about a nearly outdated and forgotten, yet the most widely used, security tool in the world: the password.
      What is the problem with it? Mainly, that there are a lot of them. Or, at least, there should be a lot of them. Today, I counted the number of passwords I had to use from waking up until typing this article. It was 15.
      Waking up: telephone PIN, SIM card PIN. Morning shopping: bank card PIN. Arrival at workplace: alarm PIN, operating system PIN, (office and private) e-mail password, chat passwords (MSN, GTalk, ICQ, Skype). Passwords for the intraweb, the online bank, the CRM, and only now can I get to work.

      Of course, one starts to have defensive reactions. The PIN code of the telephone, of the SIM card and all bank cards are the same as the four digit code of the company
  • Migrate over to PCRE? 2008.06.30 16:30
    • As of now the development of the generic rewrite feature has been completed in one of my private git repositories. The new code uses PCRE and I'm somewhat undecided how to move forward with PCRE.

      For those who might not know, PCRE is an implementation of regular expressions and is an acronym for "Perl Compatible Regular Expressions". PCRE adds a lot more features and seems to perform better than its POSIX equivalent.

      So the situation is as follows:
      • various filters use POSIX regexps
      • rewrite uses PCRE
      This is not a very consistent combination, thus I'm planning to add PCRE support for filters too. The only question is whether it is needed to have two independent regexp styles in syslog-ng in the long run.

      If I decide that one of them is enough, then I'd deprecate POSIX style regexps in filters and wouldn't implement POSIX in rewrite rules. This combination would yield a syslog-ng that would give warnings when POSIX-style regular expressions are in use and in a forthcoming release I'd change the default regexp style to PCRE, and yet another syslog-ng release later, I'd phase out POSIX completely.

      If the decision is to keep them both in the long run, it would mean that I'd need to implement POSIX style regexps for rewrite rules as well. This would probably be the least intrusive for users, but also a lot more work. Also, this would allow adding other filtering options like globbing or prefix search.

      What do you think? Is the addition of modular search algorithms worth it?

      Please send your opinions to the mailing list: syslog-ng@lists.balabit.hu