LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The Journal - a proposed syslog replacement

The Journal - a proposed syslog replacement

Posted Nov 22, 2011 20:27 UTC (Tue) by raven667 (subscriber, #5198)
In reply to: The Journal - a proposed syslog replacement by JesseDyer
Parent article: The Journal - a proposed syslog replacement

Wow, if only all of this energy were spent solving the real problem (how the attacker gets in) rather than the tangential problem (how do we know he got there), perhaps all of this would be rendered... moot?

If only the world were that simple. You are never going to be able to prevent a motivated attacker from getting into your system. That's not really practically possible, new vulnerabilities will be discovered at the same rate or faster than you can plug them. What you can do, and what is a better use of resources, is a strong audit capability so that you can throw the bums out as soon as they get in, hopefully before they can cause serious damage. Not that you shouldn't patch as well but all the patching in the world will never be enough.

The world is a harsh place, you can't prevent all bad things from happening all the time but you can respond quickly with strength and resilience when they do.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds