June 2008 Archives

Heterogeneous logging


Interconnecting systems in a service-oriented architecture (SOA) is no solution for security auditors. Quite the contrary.

System logging is a very important mechanism for documenting what has actually happened, which is also called non-repudiation. In the old days, when an application exclusively handled a particular task without much integration with other systems, it was sufficient to examine that system’s log.

Now, let’s consider an intranet portal. The portal consists of, say, 5 portlets which collect data from various backend systems such as HR, mail, corporate news, education etc. This means that logs will be spread across all the visited systems, making it very difficult to reconstruct the audit trail of a suspected user and determine what the user actually did on the systems.

Recently I’ve been on two engagements with customers who had identified the need for such a clear audit trail. IBM’s solution for this is called Tivoli Compliance Insight Manager (TCIM) and is basically a system that consolidates logs from various systems (Windows, Unix, z/OS, etc.) as well as applications and network boxes.
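To make the portal scenario concrete, here is an added example (not from the original post, and not a description of how TCIM works) that normalizes logs from three backends into one time-ordered audit trail for a single user. The log formats, the system names `hr`, `mail` and `news`, the sample lines and the identity map are all constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample logs: three hypothetical backends, three formats, and
# three different account names for the same person. All times assumed UTC.
HR_LOG = """\
2008-06-12 09:14:03 user=jdoe action=VIEW_SALARY target=emp/1042
2008-06-12 09:20:41 user=asmith action=VIEW_PROFILE target=emp/2001
"""
MAIL_LOG = """\
Jun 12 09:15:27 mail01 imapd[311]: login ok for john.doe@example.com
Jun 12 09:16:02 mail01 imapd[311]: fetch folder=INBOX for john.doe@example.com
"""
NEWS_LOG = """\
1213262140|E1042|READ|article/77
1213262460|E2001|READ|article/78
"""
# Assumed identity map: (system, local account) -> canonical employee id.
IDENTITY = {("hr", "jdoe"): "E1042", ("mail", "john.doe@example.com"): "E1042",
            ("news", "E1042"): "E1042", ("hr", "asmith"): "E2001",
            ("news", "E2001"): "E2001"}

def parse_hr(line):
    m = re.match(r"(\S+ \S+) user=(\S+) action=(\S+) target=(\S+)", line)
    ts = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return ts, m[2], f"{m[3]} {m[4]}"

def parse_mail(line, year=2008):  # syslog-style timestamps carry no year
    m = re.match(r"(\w{3} +\d+ [\d:]+) \S+ \S+: (.+) for (\S+)$", line)
    ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
    return ts.replace(tzinfo=timezone.utc), m[3], m[2]

def parse_news(line):  # epoch seconds, pipe-separated fields
    epoch, user, action, target = line.split("|")
    return datetime.fromtimestamp(int(epoch), timezone.utc), user, f"{action} {target}"

SOURCES = {"hr": (HR_LOG, parse_hr), "mail": (MAIL_LOG, parse_mail),
           "news": (NEWS_LOG, parse_news)}

def audit_trail(user_id):
    """Return (timestamp, system, event) tuples for one user, oldest first."""
    events = []
    for system, (log, parse) in SOURCES.items():
        for line in log.splitlines():
            ts, local_user, event = parse(line)
            # Correlation only works once local accounts map to one identity.
            if IDENTITY.get((system, local_user)) == user_id:
                events.append((ts, system, event))
    return sorted(events)
```

Calling `audit_trail("E1042")` interleaves the HR, mail and news events by time. The result is only as trustworthy as the identity map and the clock synchronization between the systems.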
 

TCIM is a step in the right direction and can be used within the internal perimeter. In an external SOA we once again stumble upon the need for standard ways to communicate logs. A standard approach is important because otherwise the cost of integrating would be too high, and probably not all information would be made available.

… and when that information is there we need to consider which info to share.
