Thursday, June 12, 2008

SEC520: Whizzing About - Senecan

Since I've been too busy I haven't been posting ANYTHING OH NO! Well I decided I'm just going to go on a snippet spree (enjoy) since this semester has taught me well... these condensed courses have put me in the mind frame of shaving the bits off everything and putting it to light, so I'm going to share my mini definitions.

10 - Question Answers SEC520:

Services such as firewalls, routers, authentication servers, and intrusion detection and intrusion prevention systems provide logs containing useful information for security purposes.

System Events – ex: LDAP/Kerberos authentication responses for services, error codes, and the user or system account associated with an event are logged and checked for any suspicious activity.

Audit Records – pertain to more administrative tasks that are generated and logged, ex: security policy changes, folder/file access policy, account changes.

Client requests and server responses are logged in order to check a person's transactions between systems when accessing or using certain local or networked resources, ex: e-mail, web browsers, business applications.

Account Information: checks for failed authentication attempts, account changes, and use of privileges. This also identifies any malicious attacks toward the account and which applications the client used.

Usage information: checks the number of transactions that occurred, since a malware threat or anything abnormal in size might indicate suspicious activity such as the transfer of company-internal information.

Significant operational actions: checks application startups and shutdowns, application failures, and major application configuration changes.
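To show how these four categories (account information, usage information, audit records, and significant operational actions) turn into concrete checks, here is an added example that is not part of the original post. It runs simple detection logic over a handful of constructed log lines; the line format, field names, event names and thresholds are all assumptions made for this example, not the format of any real product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system). The format is an
# assumption for this example: "<ISO timestamp> <host> <program>: <EVENT> key=value ...".
SAMPLE_LOG = """\
2008-06-12T08:00:01 authsrv sshd: FAILED_LOGIN user=alice src=10.0.0.5
2008-06-12T08:00:02 authsrv sshd: FAILED_LOGIN user=alice src=10.0.0.5
2008-06-12T08:00:03 authsrv sshd: FAILED_LOGIN user=alice src=10.0.0.5
2008-06-12T08:00:04 authsrv sshd: FAILED_LOGIN user=alice src=10.0.0.5
2008-06-12T08:00:09 authsrv sshd: ACCEPTED_LOGIN user=alice src=10.0.0.5
2008-06-12T08:15:00 authsrv sshd: FAILED_LOGIN user=carol src=10.0.0.9
2008-06-12T08:20:00 fileserver smbd: TRANSFER user=bob bytes=52428800 path=/finance/q2.xlsx
2008-06-12T08:21:00 fileserver smbd: TRANSFER user=bob bytes=4096 path=/public/readme.txt
2008-06-12T08:30:00 dc01 usermgr: ACCOUNT_CHANGE user=bob action=group_add group=DomainAdmins
2008-06-12T08:31:00 appsrv payroll: APP_SHUTDOWN user=system
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>\S+): (?P<event>\S+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Event names treated as "significant operational actions" (an assumption)
OPERATIONAL_EVENTS = {"APP_STARTUP", "APP_SHUTDOWN", "APP_FAILURE", "CONFIG_CHANGE"}


def parse_line(line):
    """Turn one log line into a dict of fields; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "ts": datetime.fromisoformat(m.group("ts")),
        "host": m.group("host"),
        "prog": m.group("prog"),
        "event": m.group("event"),
    }
    rec.update(KV_RE.findall(m.group("rest")))  # remaining key=value pairs
    return rec


def analyze(text, fail_threshold=3, window=timedelta(seconds=60),
            bytes_threshold=10 * 1024 * 1024):
    """Return a list of (category, description) findings for the given log text."""
    records = [r for r in (parse_line(ln) for ln in text.splitlines()) if r]
    records.sort(key=lambda r: r["ts"])
    findings = []
    failures = defaultdict(list)  # (user, src) -> timestamps of recent failed logins

    for r in records:
        key = (r.get("user"), r.get("src"))
        if r["event"] == "FAILED_LOGIN":
            # Account information: keep only failures inside the sliding window, then count.
            failures[key] = [t for t in failures[key] if r["ts"] - t <= window]
            failures[key].append(r["ts"])
            if len(failures[key]) == fail_threshold:
                findings.append(("account", f"{fail_threshold} failed logins for {key[0]} "
                                            f"from {key[1]} within {window.seconds}s"))
        elif r["event"] == "ACCEPTED_LOGIN":
            # A success right after a burst of failures deserves a closer look.
            recent = [t for t in failures[key] if r["ts"] - t <= window]
            if len(recent) >= fail_threshold:
                findings.append(("account", f"successful login for {key[0]} from {key[1]} "
                                            f"after {len(recent)} recent failures"))
            failures[key] = []
        elif r["event"] == "TRANSFER" and int(r["bytes"]) > bytes_threshold:
            # Usage information: abnormally large transfer.
            findings.append(("usage", f"{r['user']} transferred {r['bytes']} bytes of {r['path']}"))
        elif r["event"] == "ACCOUNT_CHANGE":
            # Audit record: account or group membership change.
            findings.append(("audit", f"{r['user']} {r['action']} {r.get('group', '')} on {r['host']}"))
        elif r["event"] in OPERATIONAL_EVENTS:
            # Significant operational action.
            findings.append(("operational", f"{r['event']} on {r['host']} ({r['prog']})"))
    return findings


if __name__ == "__main__":
    for category, detail in analyze(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

The sliding window matters: four failures spread over a day look very different from four failures in four seconds, so the check counts only failures within `window` of the current record. The thresholds are deliberately parameters, since the right values depend on the environment and should come from the organisation's own baseline, not from this example.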

Log management is necessary to provide sufficient detail of processes for an appropriate period of time. This enables review of logs in order to identify any security incidents, policy violations, fraudulent activity, and operational problems shortly after they first occur.

Log Generation: Hosts generate log data; it is retrieved by logging client applications or by automated retrieval services, either through authenticated access or by networked log servers.

Log Analysis and Storage: Servers receive the log data gathered from the hosts in real-time, near-real-time, or in batches; these servers are often called collectors or aggregators. (Multiple: 1 analysis, 1 storage)

Log Monitoring: Analysis of the data and generation of automated reports.
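The three tiers above (generation, analysis and storage, monitoring) fit together as a small pipeline. The following is an added example, not code from the original post or from any product: hosts buffer records and ship them in batches to a collector, the collector enforces a retention period, and a monitoring function summarises a period and flags hosts that sent nothing (a silent host is a logging gap worth noticing). Class names, the 90-day retention value and the constructed scenario in `demo()` are all assumptions made for this example.

```python
from collections import Counter
from datetime import datetime, timedelta


class Host:
    """Log generation tier: a host that buffers records and ships them in batches.
    (Hypothetical class for this example.)"""

    def __init__(self, name, batch_size=3):
        self.name = name
        self.batch_size = batch_size
        self.buffer = []

    def log(self, ts, event, collector):
        self.buffer.append({"ts": ts, "host": self.name, "event": event})
        if len(self.buffer) >= self.batch_size:
            self.flush(collector)  # batch mode: ship once the buffer is full

    def flush(self, collector):
        collector.receive(self.buffer)
        self.buffer = []


class Collector:
    """Log analysis and storage tier: aggregates records from many hosts and
    enforces a retention period. (Hypothetical class for this example.)"""

    def __init__(self, retention=timedelta(days=90)):
        self.retention = retention
        self.store = []
        self.expected_hosts = set()

    def register(self, host_name):
        self.expected_hosts.add(host_name)

    def receive(self, batch):
        self.store.extend(batch)

    def purge(self, now):
        """Drop records older than the retention window; return how many were dropped."""
        before = len(self.store)
        self.store = [r for r in self.store if now - r["ts"] <= self.retention]
        return before - len(self.store)


def monitoring_report(collector, start, end):
    """Log monitoring tier: summarise one period and flag registered hosts that sent nothing."""
    in_period = [r for r in collector.store if start <= r["ts"] < end]
    counts = Counter((r["host"], r["event"]) for r in in_period)
    seen = {r["host"] for r in in_period}
    silent = sorted(collector.expected_hosts - seen)
    return {"records": len(in_period), "counts": dict(counts), "silent_hosts": silent}


def demo():
    """Constructed scenario: a firewall and an IDS report to one collector; the IDS
    goes quiet on the reporting day and one very old record is past retention."""
    c = Collector(retention=timedelta(days=90))
    fw = Host("firewall", batch_size=2)
    ids = Host("ids", batch_size=2)
    for h in (fw, ids):
        c.register(h.name)
    day = datetime(2008, 6, 12)
    # A record from 120 days ago, which is outside the 90-day retention window.
    c.receive([{"ts": day - timedelta(days=120), "host": "firewall", "event": "deny"}])
    fw.log(day + timedelta(hours=1), "deny", c)
    fw.log(day + timedelta(hours=2), "deny", c)   # buffer full: batch ships here
    fw.log(day + timedelta(hours=3), "allow", c)  # still buffered
    ids.log(day - timedelta(days=1), "alert", c)
    ids.log(day - timedelta(days=1, hours=1), "alert", c)  # batch ships here
    fw.flush(c)  # end-of-day flush of whatever is still buffered
    dropped = c.purge(now=day + timedelta(days=1))
    report = monitoring_report(c, day, day + timedelta(days=1))
    return dropped, report


if __name__ == "__main__":
    dropped, report = demo()
    print(f"purged {dropped} record(s) past retention")
    print(report)
```

Batching is the trade-off the tier description hints at: fewer network round trips, but a record is invisible to the collector until its batch ships, which is why the example flushes explicitly at the end of the period before reporting.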
