PCI DSS compliance and log management


March 11, 2014

Abstract

How to control and audit remote access to your servers to comply with PCI DSS using the syslog-ng Store Box.

Copyright BalaBit IT Security Ltd.

Table of Contents

1. Preface
   1.1. Log Management's Role
   Using syslog-ng PE and SSB for compliance
   Public references
2. Using the syslog-ng Store Box and syslog-ng Premium Edition for policy compliance
3. Summary
   About BalaBit

1. Preface

Organizations involved in payment card processing, including those that store, process, or transmit credit cardholder data, are required by the credit card companies to implement the Payment Card Industry (PCI) Data Security Standard (DSS). PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. The latest version, PCI DSS 3.0, consists of six control objectives and twelve requirements, which are summarized in the following table.

Control Objectives and PCI DSS Requirements

Build and Maintain a Secure Network and Systems
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  5. Protect all systems against malware and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need-to-know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel

1.1. Log Management's Role

Log messages provide important information about the events of the network, the devices, and the applications running on these devices. Log messages document user and system activity and can be used to detect security incidents, operational problems, and other issues like policy violations, and are useful in auditing and forensics situations.

Collecting, storing and reviewing logs is explicitly required in requirement ten of PCI DSS, but log messages are also a very useful tool to prove compliance with the standard's other requirements. The table in Section 2 gives examples of how log management can help comply, either directly or indirectly, with PCI DSS.

This paper discusses the advantages of using the syslog-ng Store Box appliance and the syslog-ng Premium Edition application to collect, store, and manage system log (syslog) and eventlog messages in compliance with the Payment Card Industry Data Security Standard (PCI-DSS). The document is recommended for technical experts and decision makers working on implementing centralized logging solutions, but anyone with basic networking knowledge can fully understand its content. The procedures and concepts described here are applicable to SSB version 3 F2 and syslog-ng Premium Edition version 5 LTS.

Using syslog-ng PE and SSB for compliance

Compliance is becoming more and more important in several fields: laws, regulations and industrial standards mandate increasing security awareness and the protection of sensitive data. As a result, companies have to increase the control over and the auditability of their business processes, and this makes thorough log management necessary, especially since several regulations require the centralized collection of logs (including retaining logs for an extended amount of time, often spanning several years).

The syslog-ng Premium Edition enables enterprises to collect, filter, normalize, forward, and store log messages from across their IT environment. Using syslog-ng Premium Edition, organizations can centralize and simplify their log management infrastructure to improve operations, gain visibility of security threats, and meet compliance requirements.

The syslog-ng Store Box (SSB) is a high-reliability log management appliance that builds on the strengths of syslog-ng Premium Edition, and extends its functionality to provide a graphical user interface, flexible, fast search capabilities, custom reporting, and other useful features.

The syslog-ng Store Box logserver appliance and the syslog-ng Premium Edition log collector application give you the tools you need to create a complete, reliable, and trusted log infrastructure: collecting the log messages from the clients to a central log server, and ensuring the secure transmission and storage of the log messages from a wide variety of operating systems.

Public references

Public references of syslog-ng Store Box

Among others, the following companies decided to use SSB in their production environment:

  DATA BASE FACTORY (Read Case Study)
  Fiducia IT AG
  LinkedIn Corporation
  Societe Generale
  University of Exeter (Read Case Study)

Public references of syslog-ng Premium Edition

Among others, the following companies decided to use syslog-ng PE in their production environment:

  Air France
  Coop Denmark
  DataPath, Inc. (Read Case Study)
  Facebook
  Hush Communications Canada Inc.
  Tecnocom Espana Solutions, S.L. (Read Case Study)
  Telenor Norge AS (Read Case Study)

2. Using the syslog-ng Store Box and syslog-ng Premium Edition for policy compliance

The following table provides a detailed description of the requirements of the Payment Card Industry Data Security Standard version 3 (PCI-DSS, available here) relevant to log management and auditing. For each requirement, it gives the role of log management and how syslog-ng PE and the syslog-ng Store Box help you meet it.

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 1.1.1: A formal process for approving and testing all network connections and changes to the firewall and router configurations.

Log management role: Configuration changes can be documented in firewall messages to demonstrate compliance.

How syslog-ng PE helps you: Create a trusted path of logs from the firewalls to the logserver that provides tamper-proof, digitally signed, timestamped log storage, so that you have an audit trail of every configuration change.

How syslog-ng Store Box helps you: The syslog-ng Store Box helps you manage the life cycle of the audit logs, including collection, transfer, safe and secure storage, backup, archiving, and cleanup. You can quickly find relevant firewall logs using the search interface or the API.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Requirement 2.2.1: Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.) Note: Where virtualization technologies are in use, implement only one primary function per virtual system component.

Log management role: A report showing server logs can be used to demonstrate that servers are solely performing a primary function.

How syslog-ng PE helps you: With syslog-ng PE you can flag logs from unknown programs on the host, right at the source of the message, and route them differently (for example, to a list of suspicious log messages), or create alerts based on them.

How syslog-ng Store Box helps you: SSB can generate customized reports detailing server functions.
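The following stand-alone Python script is an added illustration of the check described above: flagging messages from programs that have no business running on a host with a given primary function (Requirement 2.2.1), and, with the same mechanism, messages from services that were deliberately disabled (Requirement 2.2.2, on the next page). It is not syslog-ng PE code; the server roles, the host inventory, the list of disabled services and the sample log lines are all constructed for the example.

```python
"""Flag syslog lines from programs that are not expected on a host.

Added example, not syslog-ng PE code. The roles, hosts, disabled services
and sample log lines below are constructed for this illustration.
"""
import re
from dataclasses import dataclass

# One primary function per server (Requirement 2.2.1): which programs may
# legitimately write logs on a server of a given role.
ROLE_ALLOWLIST = {
    "web": {"nginx", "sshd", "cron", "systemd", "syslog-ng"},
    "db":  {"postgres", "sshd", "cron", "systemd", "syslog-ng"},
    "dns": {"named", "sshd", "cron", "systemd", "syslog-ng"},
}
HOST_ROLE = {"web01": "web", "db01": "db", "ns01": "dns"}

# Services that were deliberately disabled (Requirement 2.2.2). Any message
# from one of them means it is running again and must be investigated.
DISABLED_SERVICES = {"telnetd", "vsftpd", "rshd"}

# BSD-syslog line: "<Mon dd hh:mm:ss> <host> <program>[pid]: <message>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)


@dataclass
class Finding:
    host: str
    program: str
    reason: str
    line: str


def classify(line):
    """Return a Finding for a suspicious line, or None if the line is expected."""
    m = SYSLOG_RE.match(line)
    if not m:
        return Finding("-", "-", "unparseable line", line)
    host, program = m["host"], m["program"]
    if program in DISABLED_SERVICES:
        return Finding(host, program, "disabled service is running", line)
    role = HOST_ROLE.get(host)
    if role is None:
        return Finding(host, program, "host not in inventory", line)
    if program not in ROLE_ALLOWLIST[role]:
        return Finding(host, program, f"program not expected on a {role} server", line)
    return None


def route(lines):
    """Split lines into the normal stream and the suspicious stream, the way
    a filter would route them to two different destinations."""
    normal, suspicious = [], []
    for line in lines:
        finding = classify(line)
        if finding is None:
            normal.append(line)
        else:
            suspicious.append(finding)
    return normal, suspicious


# Constructed sample input.
SAMPLE_LOG = [
    "Mar 11 10:00:01 web01 nginx[812]: 10.0.0.7 GET /index.html 200",
    "Mar 11 10:00:02 web01 sshd[901]: Accepted publickey for ops from 10.0.0.5",
    "Mar 11 10:00:05 web01 postgres[1203]: database system is ready to accept connections",
    "Mar 11 10:00:09 db01 telnetd[77]: connect from 10.0.0.9",
    "Mar 11 10:00:11 ns01 named[402]: zone example.test/IN: loaded serial 2014031101",
    "Mar 11 10:00:15 cache01 redis[55]: Server started",
]

if __name__ == "__main__":
    _, suspicious = route(SAMPLE_LOG)
    for f in suspicious:
        print(f"{f.host} {f.program}: {f.reason}")
```

Running the script lists three findings: a database server process on a web server, a disabled telnet daemon that is running again, and a host that is not in the inventory at all. The last case matters for the 2.2.1 report: an unknown host cannot be shown to perform only one primary function.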

Requirement 2.2.2: Enable only necessary services, protocols, daemons, etc., as required for the function of the system.

Log management role: Logs are a valuable source to determine if previously disabled services are running, as they might indicate an attack.

How syslog-ng PE helps you: Using syslog-ng Premium Edition, logs from disabled services can be filtered from normal log traffic to alert security analysts.

How syslog-ng Store Box helps you: Using syslog-ng Store Box, logs from disabled services can be filtered from normal log traffic to alert security analysts.

Requirement 3: Protect stored cardholder data

Requirement 3.4: Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using any of the following approaches:
  - One-way hashes based on strong cryptography (hash must be of the entire PAN)
  - Truncation (hashing cannot be used to replace the truncated segment of PAN)
  - Index tokens and pads (pads must be securely stored)
  - Strong cryptography with associated key-management processes and procedures.

Log management role: In the event that PAN data needs to be included in logs, PCI DSS requires that the logs be unreadable. Logs may contain sensitive information such as personal identification numbers (PIN) and card validation codes.

How syslog-ng PE helps you: The syslog-ng Premium Edition application can rewrite any logs containing cardholder data to mask any numbers, optionally using strong, cryptographically secure hashing. This rewriting can be done right at the message source to make sure that the cardholder data never leaves the system. Logs can also be stored in binary, time-stamped files using strong encryption to ensure that any sensitive data is secure. Only authorized users can access the decryption key.

How syslog-ng Store Box helps you: The syslog-ng Store Box can store log messages in binary, timestamped files using strong encryption to ensure that any sensitive data is secure. Only authorized users can access the decryption key. In addition, syslog-ng Store Box provides fine-grained access control and encryption functionality to its search interface, helping you allow access to logs that have to include PAN data on a need-to-know basis.
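As an added example of the source-side rewriting described above, the following Python script masks PANs in a log message using two of the approaches Requirement 3.4 lists: truncation (first six and last four digits kept) and a one-way hash of the entire PAN. It is not syslog-ng PE's rewrite implementation. The demo key, the token format and the sample message are constructed for the example; the Luhn check is there so that other long digit runs in a message (transaction ids, timestamps) are left alone.

```python
"""Render PANs unreadable in log messages before they leave the host.

Added example, not syslog-ng PE's rewrite implementation. It shows two of the
approaches Requirement 3.4 lists: truncation (first six and last four digits
kept) and a one-way hash of the entire PAN. The key, the sample message and
the token format are constructed for this illustration.
"""
import hashlib
import hmac
import re

# A candidate PAN: 13 to 19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed demo key. In production this comes from a key-management process
# (Requirement 3.4 pairs strong cryptography with key management for this reason).
DEMO_KEY = b"constructed-demo-key-do-not-use"


def luhn_ok(digits):
    """Luhn check, so that timestamps, transaction ids and other digit runs
    that happen to be 13-19 digits long are not masked by mistake."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(digits):
    """Keep at most the first six and last four digits; star out the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def hash_pan(digits, key):
    """Keyed one-way hash of the entire PAN. An unkeyed hash of a PAN is
    brute-forceable (the issuer prefix is public and the remaining digits are
    few), so a secret key is mixed in; the same PAN still maps to the same
    token, which keeps the logs correlatable during an investigation."""
    return "PAN-" + hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()[:16]


def mask_message(msg, mode="truncate", key=DEMO_KEY):
    """Replace every Luhn-valid PAN in msg.

    mode="truncate" keeps first six / last four; mode="hash" replaces the whole
    PAN with a keyed hash token. PCI DSS cautions that a truncated and a hashed
    form of the same PAN must not be correlatable, so use one mode per
    environment rather than emitting both.
    """
    def repl(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)  # not a card number, leave it alone
        return truncate_pan(digits) if mode == "truncate" else hash_pan(digits, key)
    return PAN_CANDIDATE.sub(repl, msg)


# Constructed sample line: a 14-digit transaction id (fails Luhn) and a
# well-known test card number (passes Luhn).
SAMPLE = ("Mar 11 10:00:01 pos01 payapp[77]: txn 20140311100001 approved "
          "for card 4111111111111111 amount 19.99")

if __name__ == "__main__":
    print(mask_message(SAMPLE))
    print(mask_message(SAMPLE, mode="hash"))
```

The transaction id survives untouched while the card number becomes 411111******1111 (or a PAN- token in hash mode). The candidate pattern deliberately tolerates spaces and dashes between digits; if your messages place other numbers directly after a PAN, tighten the separator rule so that the match cannot run into them.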

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Requirement 4.1: Use strong cryptography and security protocols (for example, SSL/TLS, IPSEC, SSH, etc.) to safeguard sensitive cardholder data during transmission over open, public networks, including the following:
  - Only trusted keys and certificates are accepted.
  - The protocol in use only supports secure versions or configurations.
  - The encryption strength is appropriate for the encryption methodology in use.

Log management role: Logs may contain sensitive information such as personal identification numbers (PIN) and card validation codes. Such data must be safeguarded when it is transmitted or received over open, public networks.

How syslog-ng PE helps you: The syslog-ng Premium Edition application supports Transport Layer Security (TLS) to encrypt the communication between the clients and the log server, and to protect the integrity of the messages. Using TLS encryption also prevents third parties from accessing or modifying the communication. The communication between the syslog-ng PE client and the SSB logserver can be mutually authenticated using X.509 certificates to verify the identity of the communicating parties, and to prevent attackers from injecting fake messages into the log files. The syslog-ng PE application can also validate certificate chains, and use only selected, strong ciphers.

How syslog-ng Store Box helps you: SSB supports Transport Layer Security (TLS) to encrypt the communication between the clients and the log server, and to protect the integrity of the messages. Using TLS encryption also prevents third parties from accessing or modifying the communication. The communication between the syslog-ng PE client and the SSB logserver can be mutually authenticated using X.509 certificates to verify the identity of the communicating parties and prevent attackers from injecting fake messages into the log files. The web interface and the search API of SSB are only accessible via the encrypted HTTPS protocol.
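To make the three 4.1 properties concrete, here is an added example written against Python's standard ssl module; it is not syslog-ng PE or SSB code and does not show their configuration syntax. It builds the client side of a TLS connection to a log server so that only the organisation's own CA is trusted and a client certificate is presented for mutual authentication, only TLS 1.2 and later are enabled, and only forward-secret AEAD cipher suites are offered; an audit function then reports which of these a given context violates. The certificate file paths are placeholders.

```python
"""Build and audit a TLS client context for forwarding logs to a log server.

Added example using Python's standard ssl module; it is not syslog-ng PE or
SSB code. It encodes the three properties Requirement 4.1 asks for: only
trusted keys and certificates are accepted (a private CA plus a client
certificate for mutual authentication), only secure protocol versions are
enabled, and only strong cipher suites are offered. File paths are placeholders.
"""
import ssl

# Forward-secret AEAD suites only (TLS 1.3 suites are enabled separately by OpenSSL).
STRONG_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"


def logserver_client_context(ca_file=None, cert_file=None, key_file=None):
    """Client-side context for the syslog-over-TLS connection to the log server."""
    # PROTOCOL_TLS_CLIENT already sets verify_mode=CERT_REQUIRED and check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # no SSLv3, TLS 1.0 or TLS 1.1
    ctx.set_ciphers(STRONG_CIPHERS)
    if ca_file:
        # Trust only the organisation's own CA, not the system bundle,
        # so a certificate issued by any other CA is rejected.
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file and key_file:
        # Client certificate: lets the server authenticate this host, which is
        # what keeps an unauthenticated party from injecting messages.
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def audit_context(ctx):
    """Return the list of 4.1 violations in a context; an empty list means compliant."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not ctx.check_hostname:
        findings.append("certificate hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 accepted")
    # Every TLS 1.2 suite should use an (EC)DHE key exchange for forward secrecy.
    weak = sorted({c["name"] for c in ctx.get_ciphers()
                   if c["protocol"] != "TLSv1.3" and "DHE" not in c["name"]})
    if weak:
        findings.append("non-forward-secret cipher suites offered: " + ", ".join(weak[:3]))
    return findings


def weak_client_context():
    """The opposite configuration, for comparison: no peer verification, any
    protocol version the library supports, the library's default cipher list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.set_ciphers("DEFAULT")
    return ctx


if __name__ == "__main__":
    print("hardened:", audit_context(logserver_client_context()) or "no findings")
    print("weak:", audit_context(weak_client_context()))
```

The audit function is the part worth keeping around: run it against whatever context your forwarding tool actually builds, and the empty-list result is the evidence an assessor wants for 4.1.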

Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs

Requirement 5.2: Ensure that all anti-virus mechanisms are maintained as follows:
  - Are kept current,
  - Perform periodic scans,
  - Generate audit logs which are retained as required by PCI DSS.

Log management role: Logs from anti-virus tools not only demonstrate that logging has been activated, but can also show when anti-virus updates fail.

How syslog-ng PE helps you: The syslog-ng Premium Edition application can collect and centralize logs from a wide variety of log sources, including anti-virus tools from leading vendors.

How syslog-ng Store Box helps you: SSB can collect and centralize logs from a wide variety of log sources, including anti-virus tools from leading vendors. Using the PatternDB functionality, you can parse the logs of anti-virus tools and create reports and alerts based on the information they contain (for example, last database update time, software version, and so on).

Requirement 6: Develop and maintain secure systems and applications

Requirement 6.3: Develop internal and external software applications (including web-based administrative access to applications) securely, as follows:
  - In accordance with PCI DSS (for example, secure authentication and logging)
  - Based on industry standards and/or best practices
  - Incorporating information security throughout the software-development life cycle

Log management role: Log management is part and parcel of application security today. Custom applications should include a log generating feature to track application activity.

How syslog-ng PE helps you: The syslog-ng Premium Edition application runs on a wide variety of platforms, making it easy to set up log management for custom applications. The syslog-ng PE application can collect logs directly from applications using various formats (for example, plain text, JSON, RFC3164, RFC5424) and various methods (for example, read from file, UNIX domain sockets, TCP, fetch directly from SQL, and the built-in logging facilities of the operating systems). Using the PatternDB functionality, it is straightforward to write patterns for custom applications that identify security events.

How syslog-ng Store Box helps you: SSB can collect and centralize logs from a wide variety of log sources. In addition to the features of syslog-ng PE, SSB helps developers and operators (DevOps) monitor their custom applications for proper operation (including security aspects) through its powerful search interface and API.

Requirement 6.6: For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods:
  - Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes
  - Installing an automated technical solution that detects and prevents web-based attacks (for example, a web-application firewall) in front of public-facing web applications, to continually check all traffic.

Log management role: Logs provide a rich source of data about traffic to web applications. Collecting and centralizing logs from network and application layers can provide context from which attacks can be identified.

How syslog-ng PE helps you: The syslog-ng Premium Edition application can collect and process logs from a variety of security devices, including firewalls and IDSs. Using the PatternDB or the regex-matching capabilities of syslog-ng PE, you can create alerts for known attack patterns.

How syslog-ng Store Box helps you: SSB can collect and process logs from a variety of security devices, including firewalls and IDSs. The search capabilities can be used to look for known attack patterns in the logs of these systems, automatically or manually.

Requirement 7: Restrict access to cardholder data by business need to know

Requirement 7.1: Limit access to system components and cardholder data to only those individuals whose job requires such access.

Log management role: Logs can be used to demonstrate access to system components and cardholder data.

How syslog-ng PE helps you: All log messages can be encrypted using public-key encryption on the central log server in a so-called logstore file. The syslog-ng PE application can also digitally sign the files, and request timestamps for the stored data from an external Timestamping Authority (TSA) to provide a reliable date for the signature.

How syslog-ng Store Box helps you: SSB can restrict access to logs using strong authentication and granular access policies. All log messages can be encrypted using public-key encryption on the central log server in a so-called logstore file. The SSB can also digitally sign the files, and request timestamps for the stored data from an external Timestamping Authority (TSA) to provide a reliable date for the signature.

Requirement 8: Identify and authenticate access to system components

Requirement 8.1: Define and implement policies and procedures to ensure proper user identification management for non-consumer users and administrators on all system components as follows:

Requirement 8.1.1: Assign all users a unique ID before allowing them to access system components or cardholder data.

Log management role: Not only are logs essential to detecting suspicious behavior such as excessive failed login attempts, but they are an excellent means by which to demonstrate compliance with user access requirements.

How syslog-ng PE helps you: Using the PatternDB feature of syslog-ng PE, logs for successful logins and logouts can be paired to create session events, which facilitate tracking user access.

How syslog-ng Store Box helps you: SSB can generate custom reports to show access to system components. SSB can connect usernames to an Active Directory or LDAP database. Strong RADIUS-based authentication (for example, using authentication key fobs) is also available to ensure accountability for those accessing logs potentially containing cardholder data.

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 10.1: Implement audit trails to link all access to system components to each individual user.

Log management role: Log management is an essential tool in linking user access to system components, enabling security teams to trace suspicious activity back to a specific user.

How syslog-ng PE helps you: The syslog-ng Premium Edition application provides a reliable log management infrastructure that can collect and store logs for such audit trails. Without all of the necessary log data, security teams may fail to identify attacks or their sources.

How syslog-ng Store Box helps you: SSB provides a reliable log management infrastructure that can collect and store logs for such audit trails. Without all of the necessary log data, security teams may fail to identify attacks or their sources.
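The session pairing and the failed-login detection mentioned under Requirement 8.1.1 are shown below in an added Python example; it is not syslog-ng PE's PatternDB and uses plain regular expressions in its place. The code works on events that have already been split into (time, host, message) tuples; the sshd-style messages, the failure threshold and the five-minute window are constructed for the example.

```python
"""Pair login and logout events into sessions and flag failed-login bursts.

Added example, not syslog-ng PE's PatternDB. It works on already-split
(timestamp, host, message) tuples; the sshd-style messages, the window and
the threshold are constructed for this illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN = re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+)")
LOGOUT = re.compile(r"session closed for user (?P<user>\S+)")
FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def pair_sessions(events):
    """Turn login/logout pairs into session records (host, user, source ip,
    start, end, duration). A login without a matching logout is reported with
    end=None so that sessions still open at the end of the input are visible."""
    open_sessions = {}      # (host, user) -> (login time, source ip)
    sessions = []
    for ts, host, msg in events:
        m = LOGIN.search(msg)
        if m:
            open_sessions[(host, m["user"])] = (ts, m["ip"])
            continue
        m = LOGOUT.search(msg)
        if m:
            start = open_sessions.pop((host, m["user"]), None)
            if start is not None:
                sessions.append({"host": host, "user": m["user"], "ip": start[1],
                                 "start": start[0], "end": ts,
                                 "duration_s": int((ts - start[0]).total_seconds())})
    for (host, user), (ts, ip) in open_sessions.items():
        sessions.append({"host": host, "user": user, "ip": ip,
                         "start": ts, "end": None, "duration_s": None})
    return sessions


def failed_login_bursts(events, limit=5, window=timedelta(minutes=5)):
    """Source addresses that produced at least `limit` failed logins within
    any `window`-long interval (sliding window kept per address)."""
    recent = defaultdict(deque)
    offenders = set()
    for ts, host, msg in events:
        m = FAILED.search(msg)
        if not m:
            continue
        q = recent[m["ip"]]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= limit:
            offenders.add(m["ip"])
    return sorted(offenders)


def _t(hms):
    return datetime(2014, 3, 11, *map(int, hms.split(":")))


# Constructed sample events, already split into (time, host, message).
SAMPLE = [
    (_t("09:00:00"), "db01", "sshd[4001]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2"),
    (_t("09:00:01"), "db01", "sshd[4001]: pam_unix(sshd:session): session opened for user alice by (uid=0)"),
    (_t("09:10:02"), "db01", "sshd[4077]: Failed password for root from 203.0.113.9 port 40001 ssh2"),
    (_t("09:10:05"), "db01", "sshd[4078]: Failed password for root from 203.0.113.9 port 40002 ssh2"),
    (_t("09:10:09"), "db01", "sshd[4079]: Failed password for invalid user admin from 203.0.113.9 port 40003 ssh2"),
    (_t("09:10:12"), "db01", "sshd[4080]: Failed password for root from 203.0.113.9 port 40004 ssh2"),
    (_t("09:10:15"), "db01", "sshd[4081]: Failed password for root from 203.0.113.9 port 40005 ssh2"),
    (_t("09:25:30"), "db01", "sshd[4001]: pam_unix(sshd:session): session closed for user alice"),
    (_t("10:00:00"), "web01", "sshd[551]: Accepted password for bob from 10.0.0.8 port 50010 ssh2"),
]

if __name__ == "__main__":
    for session in pair_sessions(SAMPLE):
        print(session)
    print("failed-login bursts from:", failed_login_bursts(SAMPLE))
```

The session records are what a 10.1 audit trail needs: who, from where, on which host, for how long. Keying open sessions by (host, user) is a simplification; where one user holds several concurrent sessions on a host, key by the sshd process id instead.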

Requirement 10.2: Implement automated audit trails for all system components to reconstruct the following events:
  - All individual user accesses to cardholder data
  - All actions taken by any individual with root or administrative privileges
  - Access to all audit trails
  - Invalid logical access attempts

Log management role: Generating logs of these actions provides a context for identifying and tracing malicious activity. These events represent high-risk activity which merits close scrutiny.

How syslog-ng PE helps you: The syslog-ng Premium Edition application provides a reliable logging infrastructure that can collect and store logs for such audit trails. Using syslog-ng PE's PatternDB feature, logs can be filtered based on content, including special events such as logins by privileged users and access to log data.

How syslog-ng Store Box helps you: SSB provides a reliable system logging infrastructure that can collect and store logs for such audit trails. Events can be investigated in their context using the intuitive search interface. Using syslog-ng PE's PatternDB feature, logs can be filtered based on content, including special events such as logins by privileged users and access to log data.

Requirement 10.3: Record at least the following audit trail entries for all system components for each event:
  - User identification
  - Type of event
  - Date and time
  - Success or failure indication
  - Origination of event
  - Identity or name of affected data, system component, or resource

Log management role: Collecting these details in logs can reduce the time needed to identify potential incidents and allows security experts to analyze user behavior.

How syslog-ng PE helps you: The syslog-ng Premium Edition application provides macros and powerful message-rewriting capabilities to reformat and normalize the messages, converting them to a common format so that the order of the data fields in the message is consistent with other messages.

How syslog-ng Store Box helps you: SSB provides macros and powerful message-rewriting capabilities to reformat and normalize the messages, converting them to a common format so that the order of the data fields in the message is consistent with other messages. Events can be investigated in their context using the intuitive search interface.

Requirement 10.4: Using time-synchronization technology, synchronize all critical system clocks and times and ensure that the following is implemented for acquiring, distributing, and storing time.

Log management role: Different log messages often use different timestamp formats to date the messages (for example, some timestamp formats do not contain year or timezone information), making it difficult to locate the messages later, and to properly see their place in the flow of events.

How syslog-ng PE helps you: The syslog-ng Premium Edition application converts the timestamps to a single format (for example, as specified in the ISO 8601 standard). The syslog-ng PE server can automatically add the date and time when it received the message, so the log messages contain accurate time information even if the clock of the client host or the application is mistimed. This is possible while still retaining the original timestamp of the message. Digital timestamping using a third-party Timestamping Authority (TSA) is available for the logstore storage format.

How syslog-ng Store Box helps you: SSB can convert the timestamps to a single format (for example, as specified in the ISO 8601 standard). SSB can automatically add the date and time when it received the message, so the log messages contain accurate time information even if the clock of the client host or the application is mistimed. Naturally, SSB itself can synchronize its system clock to NTP servers.
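The normalization described for Requirements 10.3 and 10.4 (a common record layout with a consistent field order, timestamps converted to one ISO 8601 format, the receive time added, the original timestamp kept) is shown below in an added Python example. It is not syslog-ng code. It handles the two input styles the paper mentions, BSD syslog (RFC 3164), whose timestamp carries neither year nor time zone, and RFC 5424, whose timestamp is complete, and it handles the year-rollover edge case that the missing year creates. The client time zone and the sample lines are constructed for the example.

```python
"""Normalize mixed-format log lines into one record layout with ISO 8601 times.

Added example, not syslog-ng code. Two input styles are handled: BSD syslog
(RFC 3164), whose timestamp carries neither year nor time zone, and RFC 5424,
whose timestamp is complete. Every line becomes the same record, with the
message time converted to UTC ISO 8601, the original timestamp text kept, and
the time the collector received the line added. The client time zone and all
sample lines are constructed for this illustration.
"""
import re
from datetime import datetime, timedelta, timezone

# Assumption: clients that send RFC 3164 timestamps run their clocks on UTC.
CLIENT_TZ = timezone.utc

RFC3164 = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<app>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
# <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<\d{1,3}>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) \S+ \S+ "
    r"(?:-|\[[^\]]*\]) (?P<msg>.*)$")


def parse_bsd_time(text, received):
    """Fill in the year and zone an RFC 3164 timestamp lacks, using the time
    the collector received the line. A message stamped 'Dec 31 23:59:58' that
    arrives on Jan 1 belongs to the previous year, so a stamp that would lie
    more than a day in the future is moved back one year."""
    t = datetime.strptime(f"{received.year} {text}", "%Y %b %d %H:%M:%S")
    t = t.replace(tzinfo=CLIENT_TZ)
    if t - received > timedelta(days=1):
        t = t.replace(year=received.year - 1)
    return t


def normalize(line, received):
    """Return the common record for one line, or None if it is unparseable."""
    m = RFC5424.match(line)
    if m:
        t, fmt = datetime.fromisoformat(m["ts"]), "rfc5424"
    else:
        m = RFC3164.match(line)
        if not m:
            return None
        t, fmt = parse_bsd_time(m["ts"], received), "rfc3164"
    return {
        "time": t.astimezone(timezone.utc).isoformat(timespec="seconds"),
        "received": received.astimezone(timezone.utc).isoformat(timespec="seconds"),
        "original_time": m["ts"],
        "host": m["host"],
        "app": m["app"],
        "message": m["msg"],
        "source_format": fmt,
    }


# Constructed sample lines, each paired with the time the collector received it.
UTC = timezone.utc
SAMPLE = [
    ("<34>1 2014-03-11T14:02:33.123+01:00 web01 nginx 812 - - 10.0.0.7 GET /index.html 200",
     datetime(2014, 3, 11, 13, 2, 34, tzinfo=UTC)),
    ("Mar 11 10:00:02 db01 sshd[901]: Accepted publickey for ops from 10.0.0.5",
     datetime(2014, 3, 11, 10, 0, 3, tzinfo=UTC)),
    ("Dec 31 23:59:58 ns01 named[402]: zone example.test/IN: loaded serial 2013123101",
     datetime(2014, 1, 1, 0, 0, 30, tzinfo=UTC)),
]


def normalize_all(sample=SAMPLE):
    return [normalize(line, received) for line, received in sample]


if __name__ == "__main__":
    for record in normalize_all():
        print(record)
```

The third sample line is the case worth noting: received thirty seconds into the new year, a "Dec 31" message gets 2013, not 2014. Keeping both the normalized time and the receive time lets a reviewer spot a client whose clock is drifting, which is the 10.4 concern.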

Requirement 10.5: Secure audit trails so they cannot be altered.

Log management role: In the event of a data breach, attackers often try to cover their tracks by deleting logs. Collecting and transferring logs to a secure central server reduces the risk that an attacker can access the logs. According to PCI DSS, adequate protection of logs includes strong access control (limit access to logs based on "need to know" only), and the use of physical or network segregation to make the logs harder to find and modify.

How syslog-ng PE helps you: All log messages can be encrypted using public-key encryption on the central log server in a logstore file. The syslog-ng Premium Edition application can also digitally sign the files, and request timestamps for the stored data from an external Timestamping Authority (TSA) to provide a reliable date for the signature.

How syslog-ng Store Box helps you: All log messages can be encrypted using public-key encryption on the central log server in a so-called logstore file. SSB can also digitally sign the files, and request timestamps for the stored data from an external Timestamping Authority (TSA) to provide a reliable date for the signature. The syslog-ng Store Box appliance is based on a hardened, secured Linux operating system. It is configured to prevent unauthorized external access and to make sure it acts as a secure log storage. BalaBit issues regular security-update releases to make sure that all components are up-to-date.

Requirement (sub-requirement of 10.5): Limit viewing of audit trails to those with a job-related need.

How syslog-ng PE helps you: Encrypted log messages can be viewed only if the user has the required encryption key.

How syslog-ng Store Box helps you: SSB can restrict access to logs using strong authentication and granular access policies. Encrypted log messages can be viewed only if the user has the required encryption key. Access to the logs can also be tied to group memberships, for example, based on information from an Active Directory or other LDAP server.

Requirement (sub-requirement of 10.5): Protect audit trail files from unauthorized modifications.

How syslog-ng PE helps you: When stored in the encrypted logstore of the central syslog-ng Premium Edition server, log messages are also timestamped and digitally signed to prevent modifications. The integrity of the messages is also checked when they are transmitted from the client to the log server. The communication between the clients and the log server can be mutually authenticated using X.509 certificates to prevent log-injection attacks.

How syslog-ng Store Box helps you: When stored in the encrypted logstore of the central syslog-ng Store Box server, log messages are also timestamped and digitally signed to prevent modifications. The integrity of the messages is also checked when they are transmitted from the client to the log server. The communication between the clients and the log server can be mutually authenticated using X.509 certificates to prevent log-injection attacks.

Requirement (sub-requirement of 10.5): Promptly back up audit trail files to a centralized log server or media that is difficult to alter.

How syslog-ng PE helps you: The syslog-ng Premium Edition application was created exactly for this purpose: to transfer the log messages generated on the host to a central log server, where they can be stored in encrypted and digitally signed log files to prevent modifications. To ensure that no log messages are lost, syslog-ng PE supports the TCP networking protocol and application-level acknowledgement via the Reliable Log Transfer Protocol (RLTP), and can also send log messages to a backup log server in case the primary server becomes unavailable. To avoid losing messages during network outages, syslog-ng PE buffers the messages to the hard disk, and sends the messages when the server becomes available.

How syslog-ng Store Box helps you: The syslog-ng Store Box appliance was created exactly for this purpose: to act as a centralized log server that securely stores the log messages in encrypted and digitally signed log files to prevent modifications, and to handle the entire log life cycle, including archiving and backup. SSB works seamlessly with syslog-ng Premium Edition clients and relays, and can communicate with third-party solutions to ensure that logs are received with minimal delay.
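What "timestamped and digitally signed to prevent modifications" buys you at verification time is shown in the following added Python example of a tamper-evident store. It is not the syslog-ng PE or SSB logstore format: those products use public-key encryption, signatures and TSA timestamps, whereas this stand-alone version chains records with SHA-256 and seals the chain with an HMAC under a constructed key so that it runs on the standard library alone. The structure is the same, and the example walks through what verification catches: a modified record, a deleted record, a reordered record, and records removed from the end after sealing.

```python
"""A tamper-evident log store: hash-chained records under a keyed seal.

Added example, not the syslog-ng PE / SSB logstore format. Those products use
public-key encryption, digital signatures and TSA timestamps; this stand-alone
version uses SHA-256 chaining and an HMAC with a constructed key so that it
runs with the standard library alone, and shows what verification detects:
a modified record, a deleted record, a reordered record, and records removed
from the end after sealing.
"""
import copy
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32
DEMO_KEY = b"constructed-demo-seal-key"   # in reality: a signing key held only by the log server


def chain_hash(prev, record):
    """Hash of the previous link and the canonical JSON form of the record."""
    h = hashlib.sha256()
    h.update(prev)
    h.update(json.dumps(record, sort_keys=True, separators=(",", ":")).encode())
    return h.digest()


class LogStore:
    def __init__(self):
        self.entries = []
        self.last = GENESIS

    def append(self, record):
        self.last = chain_hash(self.last, record)
        self.entries.append({"record": record, "hash": self.last.hex()})

    def seal(self, key=DEMO_KEY):
        """Close the file by authenticating the final chain value. Replacing
        the HMAC with a signature plus a TSA timestamp gives the same structure,
        verifiable by a third party without the key."""
        seal = hmac.new(key, self.last, hashlib.sha256).hexdigest()
        return {"entries": self.entries, "seal": seal}


def verify(store, key=DEMO_KEY):
    """Recompute the chain and check the seal. Returns (ok, reason)."""
    prev = GENESIS
    for i, entry in enumerate(store["entries"]):
        prev = chain_hash(prev, entry["record"])
        if prev.hex() != entry["hash"]:
            return False, f"entry {i}: record altered, or an earlier entry removed or reordered"
    expected = hmac.new(key, prev, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, store["seal"]):
        return False, "seal mismatch: entries added or removed after sealing"
    return True, "ok"


def build_sample_store():
    """Constructed sample records."""
    s = LogStore()
    s.append({"ts": "2014-03-11T10:00:02Z", "host": "db01", "msg": "Accepted publickey for alice from 10.0.0.5"})
    s.append({"ts": "2014-03-11T10:05:17Z", "host": "db01", "msg": "sudo: alice : COMMAND=/bin/systemctl stop postgresql"})
    s.append({"ts": "2014-03-11T10:25:30Z", "host": "db01", "msg": "session closed for user alice"})
    return s.seal()


def tamper_scenarios(store):
    """Apply four tampering attempts to copies of the store; return verify() results."""
    results = {}
    altered = copy.deepcopy(store)
    altered["entries"][1]["record"]["msg"] = "sudo: alice : COMMAND=/bin/true"
    results["modify"] = verify(altered)
    dropped = copy.deepcopy(store)
    del dropped["entries"][1]
    results["delete_middle"] = verify(dropped)
    swapped = copy.deepcopy(store)
    swapped["entries"][0], swapped["entries"][1] = swapped["entries"][1], swapped["entries"][0]
    results["reorder"] = verify(swapped)
    truncated = copy.deepcopy(store)
    del truncated["entries"][-1]
    results["truncate_end"] = verify(truncated)
    return results


if __name__ == "__main__":
    store = build_sample_store()
    print("intact:", verify(store))
    for name, result in tamper_scenarios(store).items():
        print(f"{name}: {result}")
```

Note which check catches what: the chain alone detects modification, deletion and reordering inside the file, but removing records from the end leaves a perfectly consistent shorter chain, and only the seal over the final link exposes that. That is why the signature (and the TSA timestamp fixing when it was made) is applied to the end of the file, not to individual records.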

Requirement (sub-requirement of 10.5): Write logs for external-facing technologies onto a secure, centralized, internal log server or media device.

Log management role: External-facing technologies include devices such as wireless, firewalls, DNS, and mail servers. Transferring logs from these sources to a central log server reduces the risk of those logs being lost.

How syslog-ng PE helps you: The syslog-ng Premium Edition application pushes log messages from log sources to a central server in near real time rather than pulling data in batches at periodic intervals. This not only ensures that logs are not saved locally for extended periods of time, but also reduces traffic bursts.

How syslog-ng Store Box helps you: The syslog-ng Store Box appliance was developed to be a secure, centralized log server.

Requirement 10.6: Review logs and security events for all system components to identify anomalies or suspicious activity.

Requirement (sub-requirement of 10.6): Review the following at least daily:
  - All security events
  - Logs of all system components that store, process, or transmit CHD and/or SAD, or that could impact the security of CHD and/or SAD
  - Logs of all critical system components
  - Logs of all servers and system components that perform security functions.

Log management role: Data breaches usually take place over days and months, so daily review of logs can reduce the risk and magnitude of incidents. PCI DSS does not mandate that logs be reviewed manually; automated log collection and analysis tools can facilitate review. Logs from other system components should be reviewed on a periodic basis.

How syslog-ng PE helps you: Logs detailing the activity of critical system components are essential to identifying and preventing data breaches; missing login, firewall and IDS logs can compromise security. The syslog-ng Premium Edition application can ensure that no messages are lost in the collection and transfer of logs to the central log server, with application-level acknowledgment using the Reliable Log Transfer Protocol (RLTP). With syslog-ng PE, you can also parse the content (that is, the message body) of the log messages, extract information from them, filter and alert based on the extracted data, and create reports and statistics, to help you focus on the important logs during a review. The syslog-ng Premium Edition application supports a wide variety of output formats, making it straightforward to integrate syslog-ng PE with third-party solutions.

How syslog-ng Store Box helps you: The search interface of SSB helps you perform regular manual reviews, supplemented by a fast indexing engine, and gives you the possibility to create ad-hoc charts and timelines to quickly find problematic points. Using the search API, you can create scripted queries and integrate with analysis tools.

Requirement 10.7: Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from backup).

Log management role: Data breaches often occur over weeks and months. Retaining logs for at least a year provides investigators the data necessary to determine the length and magnitude of the breach. With three months of data readily accessible, investigators can quickly identify and mitigate breaches.

How syslog-ng PE helps you: When stored in the logstore of the central syslog-ng Premium Edition server, log messages can be compressed to save disk space. Logs can be filtered into different containers in an extremely flexible manner based on their parameters, for example, receive date and time, sending host or program (or any combination thereof), to simplify the management and handling of huge amounts of log data.

How syslog-ng Store Box helps you: When stored in the logstore of SSB, log messages can be compressed to save disk space. SSB provides storage capacity for between 1 and 10 TB of log data, making log data immediately available to security experts. Messages can be automatically archived to an external storage. Archived messages are still encrypted, but remain available in the SSB web interface as long as the storage server is online, making it easy to review logs and find older messages in forensic situations. Also, SSB can provide access to the log messages over NFS or SMB protocols for those requiring more space or wanting to utilize their own existing storage solutions. The search functionality of SSB was designed to handle terabytes of data, and allows auditors to find the needle in the haystack quickly, even if it means searching in years of stored log data.
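The following added Python example turns the two 10.7 windows into a check you can run against a log-file inventory; it is not SSB's archiving logic. Three months must be immediately available (here: stored online), at least one year must be retained (online or in the archive), and the check also reports days in the retention window that have no file at all, since a gap in the retained history is itself a finding in a review. File names, dates and locations are constructed for the example.

```python
"""Check a log-file inventory against the 10.7 retention windows.

Added example, not SSB's archiving logic. Three months must be immediately
available (here: stored online), at least one year must be retained (online
or in the archive), and days with no file at all are reported as well. File
names, dates and locations are constructed for this illustration.
"""
from datetime import date, timedelta

ONLINE_DAYS = 90     # "a minimum of three months immediately available"
RETAIN_DAYS = 365    # "retain audit trail history for at least one year"


def tier(age_days):
    """Which storage tier a file of this age should be in."""
    if age_days <= ONLINE_DAYS:
        return "online"
    if age_days <= RETAIN_DAYS:
        return "archive"
    return "expired"


def plan(inventory, today):
    """inventory: iterable of (file name, log date, current location), with
    location 'online' or 'archive'. Returns the actions needed to bring the
    store back into policy, plus the dates in the retention window that have
    no file at all."""
    actions = {"delete": [], "archive": [], "restore_online": [], "missing": []}
    seen = set()
    for name, log_date, location in inventory:
        seen.add(log_date)
        t = tier((today - log_date).days)
        if t == "expired":
            actions["delete"].append(name)
        elif t == "archive" and location == "online":
            actions["archive"].append(name)
        elif t == "online" and location == "archive":
            actions["restore_online"].append(name)
    for age in range(RETAIN_DAYS + 1):
        d = today - timedelta(days=age)
        if d not in seen:
            actions["missing"].append(d)
    return actions


SAMPLE_TODAY = date(2014, 3, 11)


def build_sample(today=SAMPLE_TODAY):
    """Constructed inventory: one file per day for the last 400 days, except
    that the file for 10 days ago is missing and the files from 30 to 95 days
    ago were moved to the archive too early."""
    inv = []
    for age in range(400):
        if age == 10:
            continue
        d = today - timedelta(days=age)
        location = "archive" if 30 <= age <= 95 else "online"
        inv.append((f"messages-{d.isoformat()}.lgs", d, location))
    return inv


def sample_plan():
    return plan(build_sample(SAMPLE_TODAY), SAMPLE_TODAY)


if __name__ == "__main__":
    for action, items in sample_plan().items():
        print(f"{action}: {len(items)}")
```

On the constructed inventory the plan deletes the 34 files older than a year, archives the 270 files between 96 and 365 days old that are still online, brings the 61 prematurely archived files from the last 90 days back online, and reports 2014-03-01 as a day with no log file, which is the item a reviewer should chase first.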

3. Summary

This paper has shown how to use the syslog-ng Store Box (SSB) appliance and the syslog-ng Premium Edition (syslog-ng PE) application to collect and manage log messages in a PCI DSS compliant environment. SSB is an ideal choice to enhance your IT infrastructure if your organization must comply with external regulations like PCI DSS.

About BalaBit

BalaBit IT Security Ltd. is an innovative information security company, a global leader in the development of privileged activity monitoring, trusted logging and proxy-based gateway technologies to help protect customers against internal and external threats and meet security and compliance regulations. As an active member of the open source community, we provide solutions to a uniquely wide range of both open source and proprietary platforms, even for the most complex and heterogeneous IT systems across physical, virtual and cloud environments. BalaBit is also known for its flagship product, the open source log server application syslog-ng. BalaBit, the fastest-growing IT Security company in the Central European region according to the Deloitte Technology Fast 50 (2012) list, has local offices in France, Germany, Russia, and the USA, and cooperates with partners worldwide. Our R&D and global support centers are located in Hungary, Europe.

To learn more about commercial and open source SSB products, request an evaluation version, or find a reseller, visit the following links:
- syslog-ng Store Box (SSB) homepage
- Product manuals, guides, and other documentation
- Contact us and request an evaluation version
- Find a reseller

All questions, comments or inquiries should be directed to <info@balabit.com> or by post to the following address:
BalaBit IT Security
1117 Budapest, Alíz Str. 2
Phone:
Fax:
Web:

Copyright 2014 BalaBit IT Security Ltd. All rights reserved. This document is protected by copyright and is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of BalaBit. The latest version is always available at the BalaBit Documentation Page.


More information

Observations from the Trenches

Observations from the Trenches Observations from the Trenches CSO Breakfast Club Retail and PCI Security Forum May 2010 Olivia Rose Jenkins, CISSP, QSA Sr. Security Consultant Agenda Conversations with CXO s PCI and Your Security Program

More information

Payment Card Industry (PCI) Data Security Standard. Version 1.1

Payment Card Industry (PCI) Data Security Standard. Version 1.1 Payment Card Industry (PCI) Data Security Standard Version 1.1 Release: September, 2006 Build and Maintain a Secure Network Requirement 1: Requirement 2: Install and maintain a firewall configuration to

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

Payment Card Industry (PCI) Data Security Standard. Version 1.1

Payment Card Industry (PCI) Data Security Standard. Version 1.1 Payment Card Industry (PCI) Data Security Standard Version 1.1 Release: September, 2006 Build and Maintain a Secure Network Requirement 1: Requirement 2: Install and maintain a firewall configuration to

More information

How To Protect Data From Attack On A Network From A Hacker (Cybersecurity)

How To Protect Data From Attack On A Network From A Hacker (Cybersecurity) PCI Compliance Reporting Solution Brief Automating Regulatory Compliance and IT Best Practices Reporting Automating Compliance Reporting for PCI Data Security Standard version 1.1 The PCI Data Security

More information

05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

05.118 Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013 05.118 Credit Card Acceptance Policy Authority: Vice Chancellor of Business Affairs History: Effective July 1, 2011 Updated February 2013 Source of Authority: Office of State Controller (OSC); Office of

More information

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard

More information

Improving PCI Compliance with Network Configuration Automation

Improving PCI Compliance with Network Configuration Automation Improving PCI Compliance with Network Configuration Automation technical WHITE PAPER Table of Contents Executive Summary...1 PCI Data Security Standard Requirements...2 BMC Improves PCI Compliance...2

More information

Best Practices (Top Security Tips)

Best Practices (Top Security Tips) Best Practices (Top Security Tips) For use with all versions of PDshop Revised: 10/1/2015 PageDown Technology, LLC / Copyright 2002-2015 All Rights Reserved. 1 Table of Contents Table of Contents... 2

More information