1 / 16

Project 2: Windows Logging

Project 2: Windows Logging. Ranum on Forensics. “The real value of intrusion detection is diagnosing what is going on…never collect more data than you could conceivably want to look at. If you don’t know what to do with the data, it doesn’t matter how much you’ve got.” Marcus Ranum

rberman
Download Presentation

Project 2: Windows Logging

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Project 2: Windows Logging

  2. Ranum on Forensics • “The real value of intrusion detection is diagnosing what is going on…never collect more data than you could conceivably want to look at. If you don’t know what to do with the data, it doesn’t matter how much you’ve got.” Marcus Ranum Network Flight Recorder

  3. Windows NT/2K Auditing • By default security auditing is not enabled • NT: Start|Programs|Administrative Tools| User Manager • User Manager select Policies|Audit • Logs => C:\WINNT\System32\Config\*.evt • WIN2K: Administrative Tools| Local Security Policy • Logs => C:\WINNT\System32\Config\*.evt

  4. The Use of Tools • “An apprentice carpenter may want only a hammer and a saw, but a master craftsman employs many precision tools. Computer programming likewise requires sophisticated tools to cope with the complexity of real applications, and only practice with these tools will build skill in their use.” Robert L. Kruse Data Structures and Program Design

  5. Windows XP Logs

  6. Computer Management

  7. Computer Management Window

  8. Event Viewer Application Log

  9. Event Viewer Application Log

  10. Audit Policy Settings

  11. Event Viewer Security Log

  12. Event Viewer System Log

  13. System Event

  14. Performance Logs

  15. Schneier on Auditing • “ Audit is vital whereever security is taken seriously. Audit is there so that you can detect a successful attack, figure out what happened after the fact, and then prove it in court.” Bruce Schneier Secrets & Lies Digital Security in a Networked World

  16. Summary • Many System Tools • You have use them to benefit • Consider using some add-ons

More Related