How to encrypt IIS log files?

Soldato
Joined
30 Sep 2005
Posts
16,553
We have a requirement come in to encrypt the log files on our IIS server.

Does anyone have any ideas how I go about this? I assume there's either a setting to do this, or is it a case of having to copy them somewhere and then encrypt?

Help!
 
Soldato
Joined
25 Oct 2009
Posts
6,672
Location
Caerphilly
I don't believe there is such a setting in IIS / Windows to do that. Encrypted partition is probably the best.

Can I ask why you require to encrypt your IIS logs?
 
Soldato
OP
Joined
30 Sep 2005
Posts
16,553
I don't believe there is such a setting in IIS / Windows to do that. Encrypted partition is probably the best.

Can I ask why you require to encrypt your IIS logs?

I think it all started from a GDPR meeting. We do hold personal data coming in from a website we host.

What's some good software to encrypt partitions?
 
Associate
Joined
19 Jul 2011
Posts
2,343
What is your actual requirement? What are you protecting against and from whom?

An encrypted partition in Windows is going to give you protection only against someone getting to the disks who isn't an authorised admin. Any authorised admin will effectively see the IIS logs in plain text.

If you need to protect the contents of the logfiles (which is counter-productive to troubleshooting and normal admin!) then you need some form of logshipping to a secure server or service, or an automated way to encrypt all the logfiles as they are finished with.

Would it be easier to simply not record all that personal information in the logfiles?
 
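The "automated way to encrypt all the logfiles as they are finished with" suggested above, written out as an added PowerShell example (this is not code from the thread). It assumes the default log path for site ID 1, a Document Encryption certificate with the subject "CN=IIS Log Archive" whose private key is kept only on the host that will read the archives, and that the script runs from a scheduled task shortly after IIS has rolled over to the new day's file; all of those names and paths are assumptions.

```powershell
# Added example, not from the original post: envelope each finished IIS log file
# to a recipient certificate with CMS (PKCS#7), then remove the plaintext.
# Assumptions (not in the thread):
#   - logs live in C:\inetpub\logs\LogFiles\W3SVC1 (IIS default for site ID 1)
#   - a Document Encryption certificate (EKU 1.3.6.1.4.1.311.80.1) with subject
#     "CN=IIS Log Archive" is in the machine store; its PRIVATE key exists only
#     on the archive/reader host, so anyone on the web server only sees ciphertext
#   - runs as a scheduled task a few minutes after midnight

param(
    [string]$LogDir    = 'C:\inetpub\logs\LogFiles\W3SVC1',
    [string]$Recipient = 'CN=IIS Log Archive',   # assumed certificate subject
    [string]$ShipTo    = ''                       # optional UNC path, e.g. \\logsrv\iis$\web01
)

$ErrorActionPreference = 'Stop'

# IIS keeps today's u_exYYMMDD.log open; only touch files last written before today.
$cutoff = (Get-Date).Date

Get-ChildItem -Path $LogDir -Filter 'u_ex*.log' -File |
    Where-Object { $_.LastWriteTime -lt $cutoff } |
    ForEach-Object {
        $plain  = $_.FullName
        $cipher = "$plain.cms"

        # Encrypt to the recipient's public key. Only the holder of the matching
        # private key can run Unprotect-CmsMessage on the result.
        Protect-CmsMessage -To $Recipient -Path $plain -OutFile $cipher

        # Check the envelope parses and names a recipient before destroying plaintext.
        $info = Get-CmsMessage -Path $cipher
        if (-not $info.Recipients) { throw "CMS envelope for $plain has no recipients" }

        if ($ShipTo) {
            # Log shipping as the post describes: copy only the ciphertext off-box.
            Copy-Item -Path $cipher -Destination $ShipTo
        }

        # Deleting does not scrub the old clusters on NTFS. If the volume is not
        # BitLocker- or EFS-protected, follow up with 'cipher /w:<dir>' off-peak.
        Remove-Item -Path $plain -Force
        Write-Output "encrypted $($_.Name) -> $(Split-Path $cipher -Leaf)"
    }
```

On the archive host, `Unprotect-CmsMessage -Path u_ex180501.log.cms` recovers the text for troubleshooting. This deliberately does not protect against the point raised in the post: anyone who can read the current day's file, or who has code running as the logging identity, still sees plaintext for that day.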
Soldato
OP
Joined
30 Sep 2005
Posts
16,553
What is your actual requirement? What are you protecting against and from whom?

An encrypted partition in Windows is going to give you protection only against someone getting to the disks who isn't an authorised admin. Any authorised admin will effectively see the IIS logs in plain text.

If you need to protect the contents of the logfiles (which is counter-productive to troubleshooting and normal admin!) then you need some form of logshipping to a secure server or service, or an automated way to encrypt all the logfiles as they are finished with.

Would it be easier to simply not record all that personal information in the logfiles?

You raise a good point, anyone who hacks the server will still be able to see the data won't they.

Mmmmmm, I'll ask what they are actually wanting to do and why. I think basically it's one of those "we read it online that we need to do it, so do it" things.
 
Soldato
Joined
18 Oct 2002
Posts
8,123
Location
The Land of Roundabouts
Do you need to log IPs? I suspect having a retention of a day should be fine (GDPR is more risk based than a list of rules), otherwise you need to ship them off to a syslog server that can meet the requirements.
 
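The two suggestions above (not recording the personal fields in the first place, and keeping only a day of logs) in one added PowerShell example; this is not code from the thread. It assumes the WebAdministration module (IIS 7.5 and later) and a site named "Default Web Site"; the site name and the list of fields to keep are assumptions you would adjust for your own app.

```powershell
# Added example, not from the original post: drop the W3C fields most likely to be
# personal data and keep only one day of log files.
# Assumptions (not in the thread): WebAdministration module present, site is
# 'Default Web Site', and your app does not need c-ip/cs-username for normal ops.

Import-Module WebAdministration

$site   = 'Default Web Site'                      # assumed site name
$filter = "system.applicationHost/sites/site[@name='$site']/logFile"
$apphost = 'MACHINE/WEBROOT/APPHOST'

# Fields kept for troubleshooting: status codes, timing, URL path, host header.
# Deliberately omitted: ClientIP, UserName, Cookie, Referer, UserAgent, and
# UriQuery (query strings often carry emails/tokens the app itself put there).
$keep = 'Date,Time,ServerIP,Method,UriStem,HttpStatus,HttpSubStatus,Win32Status,TimeTaken,ServerPort,Host'

Set-WebConfigurationProperty -PSPath $apphost -Filter $filter -Name logFormat       -Value 'W3C'
Set-WebConfigurationProperty -PSPath $apphost -Filter $filter -Name logExtFileFlags -Value $keep
Set-WebConfigurationProperty -PSPath $apphost -Filter $filter -Name period          -Value 'Daily'

# Read the setting back rather than trusting the write succeeded.
$cfg = Get-WebConfiguration -PSPath $apphost -Filter $filter
if ("$($cfg.logExtFileFlags)" -match 'ClientIP|UserName|Cookie|Referer|UserAgent|UriQuery') {
    throw "personal-data fields still enabled: $($cfg.logExtFileFlags)"
}

# Retention of one day: IIS rolls to a new u_exYYMMDD.log daily, so anything
# last written before today is a finished file and can go.
$logDir = [Environment]::ExpandEnvironmentVariables($cfg.directory)
$logDir = Join-Path $logDir ('W3SVC' + (Get-Website -Name $site).id)

Get-ChildItem -Path $logDir -Filter 'u_ex*.log' -File |
    Where-Object { $_.LastWriteTime -lt (Get-Date).Date } |
    Remove-Item -Force
```

Run it once to change the configuration and then schedule only the last pipeline (the pruning) daily. Existing log files written before the change still contain the old fields; they need to be deleted or handled under whatever retention rule you settle on.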
Soldato
OP
Joined
30 Sep 2005
Posts
16,553
Do you need to log IPs? I suspect having a retention of a day should be fine (GDPR is more risk based than a list of rules), otherwise you need to ship them off to a syslog server that can meet the requirements.

Possibly not to be honest. I guess we only need it when troubleshooting (maybe)
 
Associate
Joined
25 Jun 2004
Posts
1,276
Location
.sk.dkwop.
If you need the logs then there are some simple steps you can perform without any additional costs. I'd start by creating a new folder location for logfiles, one that aligns to how apps are configured within IIS. Set up NTFS permissions so that the account running the app has NTFS write permissions only, not read. NTFS also supports encrypted files/folders; a combination of EFS and basic NTFS permissions should provide sufficient risk mitigation with minimal effort. Log rotation of course would not work, but is easily scripted.
 
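The folder, ACL and EFS setup described in the post above, as an added PowerShell example (not code from the thread). The folder path, application pool name and reader group are assumptions. One caveat worth checking before relying on this: on IIS 7 and later the W3C log files are written by HTTP.sys/W3SVC rather than by the application pool identity, so confirm which principal actually creates the files on your version before taking read access away from it.

```powershell
# Added example, not from the original post: dedicated log folder with a
# write-only ACL for the log writer and EFS turned on for the folder.
# Assumptions (not in the thread):
#   - $LogDir is the new per-app log location you will point the IIS site at
#   - $WriterAccount is the principal that actually creates the log files
#     (verify this; on IIS 7+ it may be SYSTEM/W3SVC, not the app pool)
#   - $ReaderGroup is the small group of people allowed to read logs
#   - run as an administrator

param(
    [string]$LogDir        = 'D:\AppLogs\shop-web',        # assumed path
    [string]$WriterAccount = 'IIS APPPOOL\shop-web',        # assumed pool identity
    [string]$ReaderGroup   = 'WEB01\LogReaders'             # assumed local group
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

# 1. Reset inheritance so nothing from the parent (e.g. Users:RX) leaks in, then
#    grant explicit rights. (OI)(CI) = applies to files and subfolders.
#    W = write-only (create/append, no read), RX = read & execute, F = full.
icacls $LogDir /inheritance:r `
    /grant "SYSTEM:(OI)(CI)F" `
    /grant "${WriterAccount}:(OI)(CI)W" `
    /grant "${ReaderGroup}:(OI)(CI)RX"
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# 2. Mark the folder encrypted so every file created in it gets EFS.
#    Caveat: EFS keys each file to the account that CREATES it. The writer
#    account therefore needs an EFS certificate, and the readers (or a Data
#    Recovery Agent set by policy) must be able to decrypt, otherwise you end
#    up with logs nobody can open.
cipher /e $LogDir | Out-Null
if ($LASTEXITCODE -ne 0) { throw "cipher /e failed with exit code $LASTEXITCODE" }

# 3. Verify: folder carries the Encrypted attribute, and the writer holds no
#    read right at all.
$attrs = (Get-Item $LogDir).Attributes
if (-not ($attrs -band [IO.FileAttributes]::Encrypted)) {
    throw "$LogDir is not EFS-encrypted"
}

$acl = Get-Acl $LogDir
$writerRules = $acl.Access | Where-Object { $_.IdentityReference.Value -eq $WriterAccount }
if (-not $writerRules) { throw "$WriterAccount has no entry on $LogDir" }
foreach ($rule in $writerRules) {
    if ($rule.FileSystemRights -band [Security.AccessControl.FileSystemRights]::ReadData) {
        throw "$WriterAccount can read $LogDir; ACL is wrong"
    }
}
Write-Output "ACL and EFS set on $LogDir; now point the site's logFile.directory at it"
```

After running this, set the site's log directory to `$LogDir` in IIS and watch the first file appear: `cipher /c <file>` lists which certificates can decrypt it, which is the quickest way to catch the "encrypted for the wrong account" failure mode described in the comments.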
Associate
Joined
19 Sep 2014
Posts
630
Sorry for digging this up, but it's close to my heart.

There are loads of debates and paranoia/risk_aversion to the GDPR IP address thing. Yes, you can identify a person by an IP address, in SOME circumstances, not all. So a lot of companies and DPOs go ******* paranoid and say don't store IPs..

Technically IP addresses are sometimes personal data, and sometimes not. Do the regs state you must encrypt all personal data? And is that in flight, at rest. If you're trying to attest that you are not handling personal data, then you most likely need custom logs or just turn logging off.
 