Preventing Denial of Service for Syslog Server and Loss of Syslog Messages | Tech Perfect Inc.

Question

You work as a Security Manager for Tech Perfect Inc.

In the organization, Syslog is used for computer system management and security auditing, as well as for generalized informational, analysis, and debugging messages.

You want to prevent a denial of service (DoS) for the Syslog server and the loss of Syslog messages from other sources.

What will you do to accomplish the task?

Explanations

In order to accomplish the task, you should limit the number of Syslog messages or TCP connections from a specific source for a certain time period. This will prevent a denial of service (DoS) for the Syslog server and the loss of Syslog messages from other sources.

Answer: D is incorrect. You can encrypt.

entries in both traditional Syslog files and a database for creating a database storage for logs.

As a Security Manager, you want to prevent a denial of service (DoS) attack on the Syslog server and the loss of Syslog messages from other sources. To accomplish this task, you have four options to choose from:

A. Use a different message format other than Syslog in order to accept data.

This option is not viable as Syslog is already in use for computer system management and security auditing, as well as for generalized informational, analysis, and debugging messages. Changing the message format may disrupt the existing system and create new vulnerabilities.

B. Enable the storage of log entries in both traditional Syslog files and a database.

This option can be a good choice as it provides redundancy and ensures that logs are not lost. By enabling storage of log entries in both traditional Syslog files and a database, the organization can have multiple copies of logs. This will help the organization to mitigate the loss of logs due to a single point of failure.

C. Limit the number of Syslog messages or TCP connections from a specific source for a certain time period.

This option is also a good choice as it can prevent a denial of service (DoS) attack by limiting the number of messages or TCP connections from a specific source for a certain time period. By doing so, the organization can prevent the Syslog server from being overwhelmed by a large number of requests from a single source.

D. Encrypt rotated log files automatically using third-party or OS mechanisms.

This option is not directly related to preventing a denial of service (DoS) attack or the loss of Syslog messages. Encrypting log files can help to protect sensitive data in case of unauthorized access to the logs, but it does not prevent a DoS attack or the loss of Syslog messages.

In conclusion, options B and C are good choices to prevent a denial of service (DoS) attack and loss of Syslog messages. Option A is not viable as Syslog is already in use, and option D is not directly related to preventing a DoS attack or the loss of Syslog messages.
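The limit described in option C, as an added example that is not part of the original page: a per-source sliding-window limiter run over constructed traffic, showing that a flooding sender is throttled while messages from other sources are still accepted. The class name, the limit of 10 messages per 1000 ms, and the 192.0.2.x addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class PerSourceLimiter:
    """Accept at most `limit` messages per source within any `window_ms` span."""

    def __init__(self, limit, window_ms):
        self.limit = limit
        self.window_ms = window_ms
        self._accepted = defaultdict(deque)  # source -> timestamps of accepted msgs
        self.dropped = defaultdict(int)      # source -> count of rejected msgs

    def allow(self, source, now_ms):
        stamps = self._accepted[source]
        # Forget accepted messages that have aged out of the window.
        while stamps and now_ms - stamps[0] >= self.window_ms:
            stamps.popleft()
        if len(stamps) >= self.limit:
            self.dropped[source] += 1
            return False
        stamps.append(now_ms)
        return True


def constructed_traffic():
    """Constructed sample: one noisy sender plus two normal senders (ms timestamps)."""
    events = [(i * 10, "192.0.2.66", f"<13>app: flood {i}") for i in range(200)]
    for t in (500, 1500):
        events.append((t, "192.0.2.10", "<34>sshd: Failed password for root"))
        events.append((t, "192.0.2.11", "<30>cron: job finished"))
    return sorted(events)


def run(events, limit=10, window_ms=1000):
    """Return (accepted events, per-source drop counts) for a stream of events."""
    limiter = PerSourceLimiter(limit, window_ms)
    accepted = [e for e in events if limiter.allow(e[1], e[0])]
    return accepted, dict(limiter.dropped)


if __name__ == "__main__":
    accepted, dropped = run(constructed_traffic())
    print("accepted:", len(accepted))
    print("dropped per source:", dropped)
```

Because the limit is keyed on the sender, the two quiet hosts never hit it, so their messages are not lost while the noisy host is throttled.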