Posts about logfiles and other activity records kept by computers and networks. Often related to their use in incident response
Two common concerns in incident response are (a) not having the data needed to investigate an incident and (b) not being able to find signs of incidents in a mass of other data. My Networkshop talk (see “Making IT Safer… Safely”) looked at how the GDPR principles might help us to get it, like Goldilocks’ […]
In a world where data storage is almost unlimited and algorithms promise to interrogate data to answer any question, it’s tempting for security teams to simply follow a “log everything, for ever” approach. At this week’s CSIRT Task Force in Malaga, Xavier Mertens suggested that traditional approaches are still preferable. With the speed of modern […]
The Article 29 Working Party has recently highlighted the importance of detecting and mitigating information security breaches. One of the key tools in doing this is logfiles: the European Court of Justice in Breyer v Germany recognised the role of web server logs, the Article 29 Working Party guidelines mention logs and network flow data. […]
The recent European Court case of Breyer v Germany provides welcome support for those who wish to protect the security of on-line services. The case concerned two questions – whether a website’s logfiles (typically containing time, client IP address, URL requested and result) constituted personal data and, if so, whether data protection law allowed the […]
The Counter-Terrorism and Security Act 2015, which received Royal Assent last week, has some network-related provisions among its various powers relating to terrorism. Section 21 adds further “relevant internet data” to the list of information that public telecommunications operators may be required to retain about the use of their networks and systems. Although in Parliament […]
A long time ago, testing software was part of my job. To help with that I had an initial checklist of questions to pose to any new program: situations where I should check that it behaved as expected. Once it passed those basic checks I could get on to the more detailed testing specific to […]