Securing logs and traces

Sterling™ Order Management System Software applications have a rich set of logging and tracing facilities. For example, from the System Management Console, you can dynamically activate detailed traces on any API or screen of the running system.

Threat

It is important that you secure your log and trace files. Logs may:
  • Contain information (for example, stack traces) that can help malicious users understand how the application works
  • Contain sensitive personal information that attackers would like to collect
  • Be needed for forensics or for breach investigation. Malicious users may want to tamper with log files to hide their activities.

Mitigation

At a minimum, IBM® recommends the following:
  • Store your log files in directories that have restricted access. For example, the file system should allow the application to write logs, but not to read them. The file system should also restrict who can read and copy the logs.
  • Ensure that access to the System Management Console is restricted to privileged individuals to prevent attackers from starting traces.
  • During your system test, enable all traces at the highest level. At the end of the test, make sure you understand which APIs or screens write sensitive information to the logs.
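
One way to check the first recommendation on a POSIX file system, as an added example that is not IBM's or the product's own code. The policy it enforces (no access for other users, no group write, log files not readable by their owner, who is assumed to be the application account) and the sample file names and modes are assumptions.

```python
import os
import stat
import tempfile


def entry_problems(path, is_dir):
    """List policy violations for one directory or log file."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return ["symbolic link, target not audited"]
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if mode & stat.S_IRWXO:
        problems.append("accessible to other users")
    if mode & stat.S_IWGRP:
        problems.append("writable by group")
    # Assumption: owner = application account (may write, never read back).
    if not is_dir and mode & stat.S_IRUSR:
        problems.append("readable by owner")
    return problems


def audit_log_dir(top):
    """Return sorted (relative path, problem) pairs for a log tree."""
    findings = []
    for root, _dirs, files in os.walk(top):
        entries = [(root, True)] + [(os.path.join(root, f), False) for f in files]
        for path, is_dir in entries:
            rel = os.path.relpath(path, top)
            findings += [(rel, p) for p in entry_problems(path, is_dir)]
    return sorted(findings)


def demo():
    """Build a constructed log tree (sample names and modes) and audit it."""
    with tempfile.TemporaryDirectory() as top:
        modes = {"good.log": 0o240, "leaky.log": 0o644, "shared.log": 0o260}
        for name, mode in modes.items():
            path = os.path.join(top, name)
            with open(path, "w") as fh:
                fh.write("constructed sample entry\n")
            os.chmod(path, mode)
        os.chmod(top, 0o750)
        return audit_log_dir(top)


if __name__ == "__main__":
    for rel, problem in demo():
        print(f"{rel}: {problem}")
```

Here `good.log` (mode 0240) passes: the owner can only write, and a dedicated group can read. Point `audit_log_dir` at the real log directory to list entries that break the policy.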