Which of the following would BEST maintain the integrity of a firewall log?

A.
Granting access to log information only to administrators

B.
Capturing log events in the operating system layer

C.
Writing dual logs onto separate storage media

D.
Sending log information to a dedicated third-party log server

Explanation:
Establishing a dedicated third-party log server and logging events in it is the best procedure for
maintaining the integrity of a firewall log. When access control to the log server is adequately
maintained, the risk of unauthorized log modification will be mitigated, therefore improving the
integrity of log information. To enforce segregation of duties, administrators should not have access
to log files. This primarily contributes to the assurance of confidentiality rather than integrity.
Thereare many ways to capture log information: through the application layer, network layer,
operating systems layer, etc.; however, there is no log integrity advantage in capturing events in
the operating systems layer. If it is a highly mission-critical information system, it may be nice to
run the system with a dual log mode. Having logs in two different storage devices will primarily
contribute to the assurance of the availability of log information, rather than to maintaining its
integrity.