Companies trip up on log tests

Four out of five companies don't have good enough logfiles to keep them out of trouble, according to a security testing firm

In the event of a security breach, the vast majority of companies would find that the logfiles their systems keep are not good enough to nail the trouble, according to a European security testing firm.

"Twenty percent of companies are nearly there," said Roy Hills, technical director at NTA Monitor. "We've never found anyone who is doing it all completely right, but these people would probably make it through a crisis. The vast majority of companies don't have enough log information for an audit trail."

The company has carried out 1500 tests at customer premises, and found that the lack of logs would make it very difficult for the majority of them to respond to security scares, or abuse inside the company.

Most enterprise IT networks are made up from a variety of different hardware and software products, which carry out logging in different ways. To provide an audit trail, companies should make sure that all the logs are turned on. The systems should also be time-synchronised, said Hills, so that IT managers can tie logs together, and prove that a dubious query on the SQL database must have come during a particular breach of the firewall, or when a suspect worker was online.

Users are failing to log because they don't have time, or don't see the need, not because of the expense, said Hills: "Finance is no barrier to logging. Disk storage is dirt cheap, and time synchronisation is available for free on the Internet."

"Logs and audit trails are important to protect against legal action," said Nigel Miller, a partner at Fox Williams solicitors, president of the International Federation of Computer Law Associations. Current legislation makes users responsible for data protection violations carried out using their data by hackers -- being able to trace the source of any problems could be very useful in the long term.
