Presentation is loading. Please wait.

Presentation is loading. Please wait.

Project 2: Windows Logging. UTSA IS 6353 Incident Response Ranum on Forensics “The real value of intrusion detection is diagnosing what is going on…never.

Published byAudra Pearson Modified over 9 years ago

Similar presentations

Presentation on theme: "Project 2: Windows Logging. UTSA IS 6353 Incident Response Ranum on Forensics “The real value of intrusion detection is diagnosing what is going on…never."— Presentation transcript:

1 Project 2: Windows Logging

2 UTSA IS 6353 Incident Response Ranum on Forensics “The real value of intrusion detection is diagnosing what is going on…never collect more data than you could conceivably want to look at. If you don’t know what to do with the data, it doesn’t matter how much you’ve got.” Marcus Ranum Network Flight Recorder

3 UTSA IS 6353 Incident Response Windows NT/2K Auditing By default security auditing is not enabled NT: Start|Programs|Administrative Tools| User Manager –User Manager select Policies|Audit –Logs => C:\WINNT\System32\Config\*.evt WIN2K: Administrative Tools| Local Security Policy –Logs => C:\WINNT\System32\Config\*.evt

4 UTSA IS 6353 Incident Response The Use of Tools “An apprentice carpenter may want only a hammer and a saw, but a master craftsman employs many precision tools. Computer programming likewise requires sophisticated tools to cope with the complexity of real applications, and only practice with these tools will build skill in their use.” Robert L. Kruse Data Structures and Program Design

5 Windows XP Logs

6 Computer Management

7 Computer Management Window

8 Event Viewer Application Log

9

10 Audit Policy Settings

11 Event Viewer Security Log

12 Event Viewer System Log

13 System Event

14 Performance Logs

15 UTSA IS 6353 Incident Response Schneier on Auditing “ Audit is vital whereever security is taken seriously. Audit is there so that you can detect a successful attack, figure out what happened after the fact, and then prove it in court.” Bruce Schneier Secrets & Lies Digital Security in a Networked World

16 UTSA IS 6353 Incident Response Summary Many System Tools You have use them to benefit Consider using some add-ons

Download ppt "Project 2: Windows Logging. UTSA IS 6353 Incident Response Ranum on Forensics “The real value of intrusion detection is diagnosing what is going on…never."

Similar presentations

IT Technical Support South Nottingham College. Aims Knowledge of the Registry Discuss the tools available to support a technician Gain an understanding.

IT Technical Support South Nottingham College. Aims Knowledge of the Registry Discuss the tools available to support a technician Gain an understanding.
Computer Security CIS326 Dr Rachel Shipsey.

Computer Security CIS326 Dr Rachel Shipsey.
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
Windows Vista Serious Challenges for Digital Investigators Authors: Darren Hayes Shareq Qureshi Presented By: Prerna Gupta.

Windows Vista Serious Challenges for Digital Investigators Authors: Darren Hayes Shareq Qureshi Presented By: Prerna Gupta.
Guide to MCSE 70-290, Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.

Guide to MCSE , Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
We’ve got what it takes to take what you got! NETWORK FORENSICS.

We’ve got what it takes to take what you got! NETWORK FORENSICS.
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
Computer Forensics and Digital Investigation – a brief introduction Ulf Larson/Erland Jonsson.

Computer Forensics and Digital Investigation – a brief introduction Ulf Larson/Erland Jonsson.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.

Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.

Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Maintaining Host Security Logs.  Security logs are invaluable for verifying whether the host's defenses are operating properly.  Another reason to maintain.

Maintaining Host Security Logs.  Security logs are invaluable for verifying whether the host's defenses are operating properly.  Another reason to maintain.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Similar presentations

Ads by Google