Anthony M. Freed

Location
Eugene, Oregon, USA
Birthday
February 17
Title
Editor - Director of Business Development
Company
Infosec Island Network
Bio
Anthony is a researcher, analyst and freelance writer living in beautiful Eugene, Oregon. Anthony founded Information-Security-Resources.com in 2008, and merged forces with the Infosec Island Network in January of 2010. Infosec Island is committed to serving the needs of SMBs and mid-market enterprises across many industries, as well as nonprofits, government agencies, educational organizations, and the infosec community at large. Contact Anthony at afreed@wireheadsecurity.com regarding all aspects of business development, client and community relations. Many opportunities are currently available for business and strategic alignment at Infosec Island. Anthony also writes about the finance industry - particularly information security related topics - and is a fervent advocate of both freedom and accountability. Prior to founding ISR, Anthony received notoriety as a financial and business freelance journalist, including having numerous articles published by leading media syndicates such as The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, InvestorCentric, OpenSalon, Bear Market Investments, Alacra Pulse, ML-Implode, Reuters, and dozens more. Anthony has worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

AUGUST 16, 2010 3:32AM

How to Do Application Logging Right


Just wanted to highlight another useful resource on logging: “How to Do Application Logging Right” by Gunnar Peterson and myself.

Following on our previous IEEE paper (here [PDF]), we explored application logging from a developer's perspective. As Gunnar already pointed out, “audit logs are one of the quick, dirty and cheap things that can improve enterprise security.”

Here is a fun excerpt:

“Organizations have finally gotten network device logging and—to some extent—server logging under control. However, after getting used to neat Cisco Adaptive Security Appliance or other firewall logs and Linux “password accepted” messages, security incident investigators trying to respond to the next wave of attacks have been thrust into the horrific world of application logging.”

and

“We can start by establishing criteria for good security audit logs (which we just call “logs” from now on). […] On the basis of the six Ws, the following list [see paper] provides a starting point for what to include [in each application log message]”

and

“Software architects and developers must “get” logging; there’s no other way. This is because infrastructure logging from network devices and operating systems won’t cut it for detecting and investigating application-level threats. Security teams will need to guide developers and architects through useful, effective logging.”

Grab the paper here [PDF] and enjoy!

And, Raffy, you owe me another beer for “We thank Raffy Marty of Loggly for his thoughtful review of the draft article.” :-) In fact, I think me using the word “thoughtful” here justifies “beer+2”…

Cross-posted from Security Warrior
