
Genuine question (that I've been seriously wondering about for a long time): how do you implement validated attestation that a piece of log data has reached nonvolatile storage, triggered appropriate alarms, and that those alarm events have been acknowledged, while using a data diode type setup?


If it is critical to have the log, it has to be local. Infrastructure shouldn't die if an internet connection goes down.

You can send the status of the log out through the data diode, along with a copy of the data.


What do you do when this attestation fails? E.g., a fox chewed through the cable and the ack can't be received.


Depends on your setup but a message bus architecture with polling would work.



