Security Issues in Network Event Logging BOF (syslog)

Tuesday, March 28 at 1545-1645
==============================

CHAIR: Chris M. Lonvick

DESCRIPTION:

Syslog is a de facto standard for logging system events. However, the
protocol component of this event logging system has not been formally
documented. While the protocol has been very useful and scalable, it
has some known but undocumented security problems. For instance, the
messages are unauthenticated and there is no mechanism to provide
verified delivery and message integrity.

The goal of this working group is to document and address the security
and integrity problems of the existing Syslog mechanism. In order to
accomplish this task we will document the existing protocol. The
working group will also explore and develop a standard to address the
security problems.

Message authentication can be addressed in well-known ways using shared
secrets or public keys. Because an important component of any solution
will be the ease of transition from the existing mechanism, we will
initially explore the use of shared secrets within the existing protocol
with the intent of not impacting non-participants.

Verifiable delivery, message integrity and authentication can also be
explored in a TCP-based message delivery protocol.

AGENDA:

Introduction and Level Setting - 30 minutes

  o Syslog is a de facto network event logging standard, although the
    protocol has never been described in an Internet Draft. There are
    security weaknesses in the protocol. At a high level, these include
      - no authentication of the sender or receiver
      - no verification of delivery of the messages
    On the other hand, it does have a widespread implementation and
    most users understand its scalability characteristics.

  o Although machine authentication can be delivered through SSL/TLS or
    IPSec, a simpler mechanism may be considered for syslog, such as
    something similar to authenticated RIP or BGP. Along with this, a
    lightweight integrity check would be desirable.

  o A feedback mechanism between the message sender and the message
    receiver should be considered for verifiable delivery of the
    messages. This mechanism should also provide message authentication
    and integrity.

  o Because an important component of any solution will be the ease of
    transition from the existing mechanism, we will initially explore
    the use of shared secrets within the existing protocol with the
    intent of not impacting non-participants.

  o IPSec or TLS may be used for confidentiality.

Goals of a Secure Syslog Working Group - 20 minutes

  o Post as an Internet Draft the observed behavior of the Syslog
    protocol for consideration as a Standards Track RFC.

  o Post as an Internet Draft the specification for an authenticated
    Syslog for consideration as a Standards Track RFC.

  o Post as an Internet Draft the specification for an authenticated
    Syslog with verifiable delivery and message integrity for
    consideration as a Standards Track RFC.

  o Revise drafts as necessary and advance these Internet Drafts to
    Standards Track RFCs.
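
The shared-secret idea from the description and agenda above, as an added
sketch that is not part of the BOF material or of any syslog specification:
a keyed MAC is appended to an otherwise unchanged message, so a receiver
that does not participate still logs it as ordinary text. The " @mac="
trailer, the choice of HMAC-SHA256, the key and the sample message are all
assumptions made for this example.

```python
import hashlib
import hmac

TAG = b" @mac="   # hypothetical trailer marker, not from any syslog spec


def sign(key: bytes, msg: bytes) -> bytes:
    """Append a keyed MAC; the original message bytes are left untouched."""
    mac = hmac.new(key, msg, hashlib.sha256).hexdigest().encode()
    return msg + TAG + mac


def check(key: bytes, datagram: bytes):
    """Return (status, message): 'verified', 'unauthenticated' or 'rejected'."""
    head, sep, mac = datagram.rpartition(TAG)
    if not sep:
        # No trailer: a sender that does not participate. The message is
        # kept but marked untrusted. An attacker can also strip the trailer
        # to land here, so a receiver must know which senders are expected
        # to sign and refuse unsigned messages from those.
        return "unauthenticated", datagram
    expected = hmac.new(key, head, hashlib.sha256).hexdigest().encode()
    if hmac.compare_digest(mac, expected):   # constant-time comparison
        return "verified", head
    return "rejected", head


# Constructed sample data for the demonstration.
KEY = b"constructed-demo-secret"
MSG = b"<38>Mar 28 15:45:00 host1 sshd[411]: session opened for user alice"


def demo():
    signed = sign(KEY, MSG)
    return {
        "signed": check(KEY, signed)[0],
        "legacy": check(KEY, MSG)[0],
        "tampered": check(KEY, signed.replace(b"alice", b"root"))[0],
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case:9s} -> {status}")
```

This covers sender authentication and integrity only; it does nothing for
replay or verifiable delivery, which the agenda treats as a separate item.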