55th IETF


  1. syslog WG
     Chair: Chris Lonvick <clonvick@cisco.com>
     Mailing list: syslog-sec@employees.org
     55th IETF

  2. Agenda
     • Agenda Bashing - 2 m
     • Review of Charter and Status Update - 8 m
     • Review of syslog-sign - 30 m
     • Plea for New Author of syslog-device-mib - 10 m
     • Wrap Up - 10 m

  3. Syslog WG Charter (1/3)
     • Syslog is a de facto standard for logging system events. However, the protocol component of this event logging system has not been formally documented. While the protocol has been very useful and scalable, it has some known but undocumented security problems. For instance, the messages are unauthenticated and there is no mechanism to provide verified delivery and message integrity.

  4. Syslog WG Charter (2/3)
     • The goal of this working group is to document and address the security and integrity problems of the existing Syslog mechanism. In order to accomplish this task we will document the existing protocol. The working group will also explore and develop a standard to address the security problems.

  5. Syslog WG Charter (3/3)
     • Beyond documenting the Syslog protocol and its problems, the working group will work on ways to secure the Syslog protocol. At a minimum this group will address providing authenticity, integrity and confidentiality of Syslog messages as they traverse the network. The belief being that we can provide mechanisms that can be utilized in existing programs with few modifications to the protocol while providing significant security enhancements.

  6. WG Status
     • “The BSD syslog Protocol” - RFC 3164, produced August 2001.
     • “Reliable Delivery for syslog” - RFC 3195, produced November 2001.
     • draft-ietf-syslog-sign-07.txt - work in progress
     • draft-ietf-syslog-device-mib-01.txt - work in progress

  7. Update to Syslog-Sign
     Jon Callas <jon@callas.org>

  8. Syslog-Sign History
     • Improvements to syslog, layered on existing protocol(s)
     • Signed information inserted into log stream and can be retained in a repository
     • Sliding window over messages supports reliable and unreliable logging

  9. Document Status
     • Finalizing for RFC
     • “penultimate call”
     • Adding language for:
       • Replacement of the “PRI” function in signature groups, called Signature Pri Value
       • Denoting differences between the syslog message stream and the signature stream
       • Transport agnosticism

  10. Signature Pri Value
     • Consider five messages
       • PRI of 10, 20, 30, 40, 50
     • Sig Group of 0 means
       • Signature message generated over all five entries; one sig message created
       • May be nice to use 46 as the PRI value: facility = 5 (syslogd) and severity = 6 (informational)

  11. SPV (continued)
     • Sig Group of 1 means
       • Five signature messages created, one for each entry
       • Sig Group value is PRI of message

  12. SPV (continued)
     • Sig Group of 2 means
       • Each group contains a range of PRI values; SPV defines top of range
       • If we pick 46 again, then two signature messages are generated, one over 10-40 and one over 50.
       • You get to arbitrarily pick a PRI of those signature messages

  13. SPV (continued)
     • Sig Group of 3 means
       • Network administrators think they know best
       • Completely implementation dependent; potential opportunity for plugins, etc.
       • Actual messages dependent on implementor's whim.
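The Sig Group (SG) rules on slides 10 to 13 decide which messages each signature message covers, which is what a verifier later checks integrity against. The following is an added model of that grouping (not code from the slides or the syslog-sign draft): it tracks only PRI values, ignores the draft's wire format and hashing, and assumes that for SG=2 any PRI above the last configured SPV falls into a final group whose SPV is the maximum PRI, 191.

```python
"""Model of syslog-sign Signature Group (SG) / Signature Pri Value (SPV) grouping."""
from collections import OrderedDict

MAX_PRI = 191  # highest legal PRI: facility 23, severity 7 (RFC 3164)


def pri(facility: int, severity: int) -> int:
    """PRI = facility * 8 + severity, as encoded in RFC 3164 messages."""
    return facility * 8 + severity


def signature_groups(pris, sg, spv_tops=()):
    """Return {SPV: [PRI, ...]}: the messages each signature message covers.

    pris     : PRI of each message in the stream, in arrival order
    sg       : Sig Group value (0, 1 or 2; 3 has no fixed rule)
    spv_tops : for SG=2, the SPV (top of PRI range) of each group, ascending;
               PRIs above the last top go into a final group with SPV MAX_PRI
               (an assumption made for this example, not stated on the slides)
    """
    for p in pris:
        if not 0 <= p <= MAX_PRI:
            raise ValueError(f"PRI {p} outside 0..{MAX_PRI}")
    groups = OrderedDict()
    if sg == 0:
        # One signature message over the whole stream. Its PRI is a free
        # choice; the slides suggest 46 = facility 5 (syslogd), severity 6.
        groups[pri(5, 6)] = list(pris)
    elif sg == 1:
        # One signature message per PRI value; the SPV is that PRI itself.
        for p in pris:
            groups.setdefault(p, []).append(p)
    elif sg == 2:
        # Each group covers a PRI range whose top is its SPV; a message goes
        # into the first group whose top is >= its PRI.
        tops = sorted(spv_tops) + [MAX_PRI]
        for p in pris:
            top = next(t for t in tops if p <= t)
            groups.setdefault(top, []).append(p)
    else:
        raise ValueError("SG=3 is implementation dependent; no fixed rule")
    return dict(groups)


if __name__ == "__main__":
    stream = [10, 20, 30, 40, 50]  # the five constructed PRIs from slide 10
    for sg, tops in ((0, ()), (1, ()), (2, (46,))):
        print(f"SG={sg}:", signature_groups(stream, sg, tops))
```

With the slide's five PRIs and an SPV of 46, SG=2 yields one signature message over 10-40 and one over 50, matching slide 12.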
