
Publications

Log Injection Attack and Defence - 14 Feb 07

As outlined by the ASX Corporate Governance Council in their "Principles of Good Corporate Governance and Best Practice Recommendations":
“Good corporate governance structures encourage companies to create value (through entrepreneurism, innovation, development and exploration) and provide accountability and control systems commensurate with the risks involved.”

At a system level, it is often the case that much of this accountability is realised in the form of system logging. Unfortunately, while the logging mechanisms have become commonplace and are regarded as a necessity by many security standards, their implementations are often flawed and the logs themselves are often ignored. Despite these failings, it is crucial to ensure that logs have the necessary completeness and integrity such that when it becomes necessary to use them, the information they contain can be depended upon.

Malicious individuals who wish to cover their tracks have found ways to subvert the logging process through log manipulation. This special report examines one particular form of log manipulation called “log injection”. Log injection is the use of malicious inputs to a logging system such that those inputs illegitimately influence the structure or perceived structure of the log. Many common variations of this attack exist, the most common of which are covered herein.

There are many ways to protect the logging process; however, log injection is one attack that is difficult to defend against and can be applied in many forms, several of which subvert countermeasures specifically developed to protect against it.

The paper approaches the discussion of log injection with the analogy of a war game, where one side’s offence induces a counterattack, which itself induces a counter-counterattack and so on. The paper begins with individual attacks and their corresponding defences starting with naïve (but often-implemented) schemes and progressing to more sophisticated approaches. Finally, strong defences are studied for which practical attacks are less common.

The content of this special report is targeted at developers, analysts and architects who wish to understand the risks of log injection and the associated mitigation strategies in order to implement or improve a logging solution so that it is robust and trustworthy. It is also aimed at security testers who require an in-depth knowledge of the topic and an understanding of the hurdles they may encounter so they may thoroughly test all possibilities.

The examples presented in this report are intended as demonstration material only and do not encompass additional defences and other peripheral complexities that may be part of their real world counterparts.
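The definition of log injection given above, shown as an added Python example that is not taken from the SIFT report: an untrusted value written verbatim changes the perceived structure of a log, while a reversible encoding of the field keeps one event on one line. The pipe-delimited, one-line-per-event format, all function names and the sample values are assumptions constructed for this illustration.

```python
import re

# Constructed sample: an untrusted username carrying a line break followed by
# text shaped like a second, legitimate-looking entry.
SAMPLE_USER = "mallory\n2007-02-14T10:00:01Z|INFO|login ok user=admin"

# Anything outside printable ASCII, plus the field delimiter and the escape
# character itself, is rewritten before it reaches the log.
_UNSAFE = re.compile(r"[^\x20-\x7e]|[|\\]")
_ESCAPED = re.compile(r"\\x\{([0-9a-f]+)\}")

def naive_entry(ts, level, user):
    """Unsafe: the untrusted value is written verbatim."""
    return f"{ts}|{level}|login failed user={user}\n"

def encode_field(value):
    """Replace each unsafe character with \\x{hex}; reversible."""
    return _UNSAFE.sub(lambda m: "\\x{%x}" % ord(m.group()), value)

def decode_field(value):
    """Recover the original value for an analyst reading the log."""
    return _ESCAPED.sub(lambda m: chr(int(m.group(1), 16)), value)

def safe_entry(ts, level, user):
    """One event always yields one line with exactly three fields."""
    return f"{ts}|{level}|login failed user={encode_field(user)}\n"

def parse(log_text):
    """Split a log into entries and fields the way a reviewing tool would."""
    return [line.split("|") for line in log_text.splitlines()]

if __name__ == "__main__":
    ts = "2007-02-14T10:00:00Z"
    print(parse(naive_entry(ts, "WARN", SAMPLE_USER)))
    print(parse(safe_entry(ts, "WARN", SAMPLE_USER)))
```

Because the escape character is itself encoded, the original input can always be recovered from the safe entry, so the log stays complete as well as structurally intact.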




© 2000-2008 SIFT Pty Ltd. All rights reserved.