
Data diodes – Your ultimate solution for secure centralised logging in security-sensitive systems

Ensuring secure centralised logging can be a challenge, especially in security-sensitive systems. However, the use of unidirectional communication with the use of a data diode can provide a robust solution to this challenge.

Traditional methods pose huge risks of attacks

Centralised logging in security-sensitive systems involves an enhanced risk of attacks. To reduce the risks, a solution is needed that protects both log data and all connected systems.

Most IT systems generate logs that enable troubleshooting and traceability. To get the most out of such logs, it is important to combine logs from as many systems as possible into one chronological list. If you have security-sensitive or zoned systems and want to implement centralised logging, you need to resolve an inherent goal conflict: logging benefits from having one shared system for all zones/subsystems, but a shared system also increases the risk of attacks.

1. The risk of the log system being contaminated with confidential data

If any of the zones contains confidential data, there is a risk of the log system also being contaminated with confidential data. If this happens, the need for protection increases as the zone from which the data comes, and also the log system, must be protected against leakage of the confidential data.

2. The risk of the log system being used as a stepping stone for attacks

If the log server is connected to several zones, it becomes an attractive intermediate target for attacking a system in another zone via the log server.

3. The risk of the log system being used for reconnaissance ahead of future attacks

An attacker who can read the log system can see which events are recorded and which are not. They can adapt their method of attack accordingly and thus reduce the risk of detection.

4. The risk of the log system being attacked to cover up the tracks of an attack

If an attacker can access the log system, they can corrupt or delete log data, affecting the reliability of log data. There is also a risk of log data being deleted or corrupted even before it reaches the log system.

Why data diodes are your best choice for secure centralised logging

By using data diodes to protect the collection of log data, you achieve very good protection:

  • It is impossible to carry out attacks from the log system on any of the zones.
  • You can use a shared log system regardless of the number of zones connected. This avoids the additional costs of having to maintain several log systems in parallel.
  • You can easily shield and protect the log system so that no unauthorised person can access its contents.
  • Data diodes mean simplified security analysis (and thus simplified commissioning) and meet the extremely strict requirements of bodies such as supervisory authorities.

All the zones that supply log data are protected with one data diode each. The data flow is made unidirectional towards the log system. A shared log system can therefore be used regardless of the number of zones supplying data to the log system. If any of the zones contains confidential data, either the log system must be protected at the appropriate confidentiality level, or the log data from such a zone must be filtered so that the log system is not contaminated with confidential data. However, this can lead to the value of the log data decreasing as free text data often needs to be filtered out, which may make it more difficult to interpret log data.

  • The diodes make it impossible to use the log system as a stepping stone (2).
  • The diodes make it easy to protect the log system so that no unauthorised person can access the data (1,3).
  • It is much more difficult for an attacker to cover their tracks after an attack (4).
  • It is also possible to encrypt the connection to the log server to prevent corruption of log data (4).
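As an added illustration (not code from the original article), the following Python sketch shows two of the points above from both sides of a diode: the free-text part of each syslog record is filtered out before it leaves a confidential zone, and because nothing can be acknowledged back across a one-way link, the log system detects lost records from sequence gaps and tampered ones from a failed HMAC check (a keyed integrity tag is used here in place of the encrypted connection the article mentions). The class names, key and sample lines are assumptions made for the example.

```python
import hashlib
import hmac
import re

# RFC 5424: header (PRI, version, timestamp, host, app, procid, msgid), then
# structured data ("-" or [..] elements), then an optional free-text MSG.
_SYSLOG = re.compile(
    r"^(?P<header><\d{1,3}>1 \S+ \S+ \S+ \S+ \S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$"
)

def strip_free_text(line):
    """Keep header + structured data, drop MSG (where confidential free text
    usually lives). Unparseable lines are not forwarded at all."""
    m = _SYSLOG.match(line)
    return None if m is None else f"{m['header']} {m['sd']}"

class DiodeSender:
    """Zone side (hypothetical): filter, number and authenticate each record."""
    def __init__(self, key):
        self._key, self._seq = key, 0
    def prepare(self, line):
        filtered = strip_free_text(line)
        if filtered is None:
            return None
        self._seq += 1
        body = f"{self._seq} {filtered}"
        return body + " " + hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

class DiodeReceiver:
    """Log-system side: no ACKs can cross a diode, so loss shows as sequence gaps."""
    def __init__(self, key):
        self._key, self._expected = key, 1
        self.missing = 0   # records that never arrived
        self.rejected = 0  # bad tag, malformed or replayed sequence number
    def accept(self, record):
        body, _, tag = record.rpartition(" ")
        good = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        seq, _, filtered = body.partition(" ")
        if not hmac.compare_digest(tag, good) or not seq.isdigit() or int(seq) < self._expected:
            self.rejected += 1
            return None
        self.missing += int(seq) - self._expected
        self._expected = int(seq) + 1
        return filtered

# Constructed sample input (not from the original page).
SAMPLE_LINES = [
    '<34>1 2024-01-01T10:00:00Z fw01 sshd 1234 ID1 [auth@32473 user="alice" result="fail"] Failed password for alice from 10.0.0.5',
    '<165>1 2024-01-01T10:00:01Z app01 billing - - - customer 4711 charged 99.00',
]
```

Escaped `\]` inside structured-data values is handled, but the filter is deliberately conservative: anything it cannot parse is dropped rather than forwarded.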

More reasons why data diodes should be your choice of security solution

A data diode has several strengths:

  • The ability to ensure security in insecure systems, and to protect and preserve legacy systems. By using data diodes, legacy systems can be protected without overhauling the entire system.
  • The hardware basis. Because the one-way flow is enforced in hardware, data diodes remove, to a large extent, the possibility of user error.
  • The long-term operating costs are low. After the initial investment in purchase and system integration, the savings in maintenance and administration costs make the data diode an efficient network security solution in the long run.
  • The way they reduce cybersecurity risk. The data diode's strict properties mean that you can completely rule out certain types of risk. For example, you know that the network cannot leak information and can thus focus on managing privacy and malware risks.
  • You can feel secure in the long term. A data diode is as secure in 5 or 10 years as it is today, without you having to do anything. You can trust that it will continue to work in the same secure way for a long time.
  • They are easy to install and configure, and a simple standard use case can be deployed in a couple of hours. Monitoring is done using standard methods such as SNMP and Syslog, which allow integration with all widely used network monitoring tools. Configuration changes are applied through a simple-to-use web interface.


Read more about our data diodes and how they can secure your information, and read more about secure centralised logging with data diodes!

If you need more advice on security solutions and how you can switch to data diodes, you are welcome to contact us!
