Confirmed users
491
edits
Services/KeyExchange: Difference between revisions
Jump to navigation
Jump to search
→Security Logging & Defense
| Line 363: | Line 363: | ||
===Logging Points=== | ===Logging Points=== | ||
CEF | ====CEF Logging==== | ||
* Bad action taken against a valid channel id (denoted by 400 error code) | * Bad action taken against a valid channel id (denoted by 400 error code) | ||
** Examples: non-existent x-keyexchange-id, bad x-keyexchange-id | ** Examples: non-existent x-keyexchange-id, bad x-keyexchange-id | ||
| Line 373: | Line 373: | ||
** Examples: Client unable to complete j-pake sync for any number of reasons and falls back to original sync approach | ** Examples: Client unable to complete j-pake sync for any number of reasons and falls back to original sync approach | ||
** Reported by client to server via reporting API | ** Reported by client to server via reporting API | ||
====Application Logging==== | |||
* Full application logging will be created to enable incident response review | |||
* Logged to application server and not via CEF | |||
* Logs will include: | |||
** Timestamp | |||
** IP address | |||
** Full URL | |||
** x-keyexchange-id | |||
** Event | |||
** Other non-essential headers will be discarded | |||
== Brian's Notes == | == Brian's Notes == | ||