The Problem
- Network-based intrusion detection and centralized logging are key tools for network security.
- These are our last line of defense: when network defenses fail, we need alarms to alert us to the fact that they've failed, and logs to show us how and when.
- But IDS probes & log servers are often subject to the same vulnerabilities as the hosts they help to protect.
- How can we remove such systems from danger while leaving them fully engaged as passive observers?
- (Hint: the answer is cleverly hidden in your Def Con X program!)