[Cryptography] Write-protect switches, etc.

Theodore Ts'o tytso at mit.edu
Fri Jan 1 12:40:57 EST 2016


On Wed, Dec 30, 2015 at 08:59:33AM -0800, Henry Baker wrote:
> 
> Soooo, you need a *write-once*, *append-only* device to act as a logger.
> 
> It's sad, in this day and age, that the best logger may be an old-style continuous paper printer.

DVD-R drives work fairly well as WORM drives.  Certainly better than
paper printers.  Yes, there is the block size chunking issue, but this
can be solved by using a separate logging server located in a DMZ
which is connected using either a dedicated network link, or, if
you're really paranoid, a serial line.

This strategy is suitable for both logs and things like git
repositories, and is being used in production for certain critical
open source infrastructure sites on the net.

					- Ted

