Mohsin Ali, profile picture
Uploaded byMohsin Ali
PPTX, PDF314 views

Log maintenance network securiy

Logs record events within an organization's systems and networks. Log management is important for identifying security incidents, policy violations, and operational problems by routinely analyzing logs. However, log management faces challenges including balancing resources with increasing log data, inconsistent log content and formats, and protecting log confidentiality and integrity. Proper log management requires prioritizing it, establishing policies, maintaining secure infrastructure, and training staff.

Embed presentation

Download to read offline
Log Maintenance Mohsin -082
LOG-Introduction • A log is a record of the events occurring within an organization’s systems and networks. Logs are composed of log entries; each entry contains information related to a specific event that has occurred within a system or network. Many logs within an organization contain records related to computer security. These computer security logs are generated by many sources, including security software, such as antivirus software, firewalls, and intrusion detection and prevention systems; operating systems on servers, workstations, and networking equipment; and applications.
LOG Management-Benfits • Log management is essential to ensuring that computer security records are stored in enough detail for an appropriate period of time. Routine log analysis is beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems. Logs are also useful when performing auditing and forensic analysis, supporting internal investigations, establishing baselines, and identifying operational trends and long-term problem
The Basics of Computer Security Logs • Logs can contain a wide variety of information on the events occurring within systems and networks. • Security software logs primarily contain computer security-related information
Security Software Security software is a major source of computer security log data. Common types of network-based and host based security software include the following: Antimalware Software Intrusion Detection and Intrusion Prevention Systems Remote Access Software Web Proxies. Vulnerability Management Software Authentication Servers Authentication Servers. Routers Firewalls
Log-Example Personal Firewall 3/6/2006 8:14:07 AM,"Rule ""Block Windows File Sharing"" blocked (192.168.1.54, netbios-ssn(139)).",“ Rule ""Block Windows File Sharing"" blocked (192.168.1.54, netbios-ssn(139)). Inbound TCP connection. Local address,service is (KENT(172.30.128.27),netbios- ssn(139)). Remote address,service is (192.168.1.54,39922). Process name is ""System""." 3/3/2006 9:04:04 AM,Firewall configuration updated: 398 rules.,Firewall configuration updated: 398 rules.
Usefulness of Logs • Detecting attacks, fraud, and wrong usage. For example, an intrusion detection system could record malicious commands issued to a server from an external host; this would be a primary source of attack information. An incident handler could then review a firewall log to look for other connection attempts from the same source IP address; This would be a secondary source of attack information. • Administrators using logs should also be mindful of the trustworthiness of each log source. Log sources that are not properly secured, including insecure transport mechanisms, are more susceptible to log configuration changes and log alteration
The Need for Log Management • It helps to ensure that computer security records are stored in sufficient detail for an appropriate period of time. • Routine log reviews and analysis are beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems shortly after they have occurred, and for providing information useful for resolving such problems • Logs can also be useful for performing auditing and forensic analysis, supporting the organization’s internal investigations, establishing baselines, and identifying operational trends and longterm problems
The Challenges in Log Management • Effectively balancing a limited amount of log management resources with an ever-increasing supply of log data • There are several potential problems with the initial generation of logs because of their variety and prevalence. • The confidentiality, integrity, and availability of generated logs could be breached inadvertently or intentionally • The people responsible for performing log analysis are often inadequately prepared and supported
Log Generation and Storage • Many Log Sources • Inconsistent Log Content • Inconsistent Timestamps • Inconsistent Log Formats.
Log Protection • Because logs contain records of system and network security, they need to be protected from breaches of their confidentiality and integrity. For example, logs might intentionally or inadvertently capture sensitive information such as users’ passwords and the content of e-mails. This raises security and privacy concerns involving both the individuals that review the logs and others that might be able to access the logs through authorized or unauthorized means. Logs that are secured improperly in storage or in transit might also be susceptible to intentional and unintentional alteration and destruction. This could cause a variety of impacts, including allowing malicious activities to go unnoticed and manipulating evidence to conceal the identity of a malicious party. For example, many rootkits are specifically designed to alter logs to remove any evidence of the rootkits’ installation or execution
Log Analysis • Within most organizations, network and system administrators have traditionally been responsible for performing log analysis • It has often been treated as a low-priority task by administrators and management because other duties of administrators • Administrators who are responsible for performing log analysis often receive no training on doing it efficiently and effectively, particularly on prioritization
Meeting the Challenges • Prioritize log management appropriately throughout the organization. • Establish policies and procedures for log management. • Create and maintain a secure log management infrastructure. • Provide adequate support for all staff with log management responsibilities
Examples of Logging Configuration Settings

More Related Content

PPTX
Physical Security
bykavitha muneeshwaran
 
PPT
Ch8ed12romney
bywoyaoni
 
PPTX
Data/File Security & Control
byAdetula Bunmi
 
PPTX
SORT OUT YOUR SIEM
bySecureData Europe
 
DOCX
Surelog Detail
byANETUSA Software
 
PPT
Networking
bySalman Memon
 
PPTX
Essential Layers of IBM i Security: File and Field Security
byPrecisely
 
PPTX
Smart city project's Information Security challenges
byBehak Kangarloo
 
Physical Security
bykavitha muneeshwaran
 
Ch8ed12romney
bywoyaoni
 
Data/File Security & Control
byAdetula Bunmi
 
SORT OUT YOUR SIEM
bySecureData Europe
 
Surelog Detail
byANETUSA Software
 
Networking
bySalman Memon
 
Essential Layers of IBM i Security: File and Field Security
byPrecisely
 
Smart city project's Information Security challenges
byBehak Kangarloo
 

What's hot

PPTX
Essential Layers of IBM i Security: Security Monitoring and Auditing
byPrecisely
 
PDF
Modern vs. Traditional SIEM
byAlert Logic
 
PPTX
IBM i Security SIEM Integration
byPrecisely
 
DOC
SIEM
byvikasraina
 
PPTX
Chapter 1
byHadi Aoun
 
PPTX
Siem tools-monitor-your-network
byhardik soni
 
PPTX
Security Information and Event Managemen
byS Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
PPTX
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
byrver21
 
PPTX
McAfee SIEM solution
byhashnees
 
PPTX
Information Security (Firewall)
byZara Nawaz
 
PPTX
Vendor Landscape: Security Information and Event Management
byInfo-Tech Research Group
 
PDF
SIEM Architecture
byNishanth Kumar Pathi
 
PPTX
What is SIEM
byPatten John
 
PPTX
SIEM presentation final
byRizwan S
 
PPT
Lesson 1- Intrusion Detection
byMLG College of Learning, Inc
 
PPTX
Siem solutions R&E
byOwais Ahmad
 
PDF
Operations Security Presentation
byWajahat Rajab
 
PPTX
Essential Security Control Implementation in IT
byProfessor Lili Saghafi
 
PDF
Siem Overview 2009
byjohndyson1
 
PPTX
information security (Audit mechanism, intrusion detection, password manageme...
byZara Nawaz
 
Essential Layers of IBM i Security: Security Monitoring and Auditing
byPrecisely
 
Modern vs. Traditional SIEM
byAlert Logic
 
IBM i Security SIEM Integration
byPrecisely
 
SIEM
byvikasraina
 
Chapter 1
byHadi Aoun
 
Siem tools-monitor-your-network
byhardik soni
 
Security Information and Event Managemen
byS Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
byrver21
 
McAfee SIEM solution
byhashnees
 
Information Security (Firewall)
byZara Nawaz
 
Vendor Landscape: Security Information and Event Management
byInfo-Tech Research Group
 
SIEM Architecture
byNishanth Kumar Pathi
 
What is SIEM
byPatten John
 
SIEM presentation final
byRizwan S
 
Lesson 1- Intrusion Detection
byMLG College of Learning, Inc
 
Siem solutions R&E
byOwais Ahmad
 
Operations Security Presentation
byWajahat Rajab
 
Essential Security Control Implementation in IT
byProfessor Lili Saghafi
 
Siem Overview 2009
byjohndyson1
 
information security (Audit mechanism, intrusion detection, password manageme...
byZara Nawaz
 

Similar to Log maintenance network securiy

PPT
FIRST 2006 Full-day Tutorial on Logs for Incident Response
byAnton Chuvakin
 
PPT
Logs for Information Assurance and Forensics @ USMA
byAnton Chuvakin
 
PPTX
Power of logs: practices for network security
byInformation Technology Society Nepal
 
PPT
Log Forensics from CEIC 2007
byAnton Chuvakin
 
PDF
UNIT -III SIEM aur baato kaise hai aap log.pdf
byhefagi6193
 
PPT
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
byguestc0c304
 
PPT
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
byAnton Chuvakin
 
DOC
Audit logs for Security and Compliance
byAnton Chuvakin
 
PPT
Best practises for log management
byBrian Honan
 
PPT
NIST 800-92 Log Management Guide in the Real World
byAnton Chuvakin
 
PDF
13 essential log_col_infog
byhuynhvanphuc
 
PPT
Making Logs Sexy Again: Can We Finally Lose The Regexes?
byAnton Chuvakin
 
PPT
The importance of logs - DefCamp 2012
byDefCamp
 
PPTX
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
byAnton Chuvakin
 
PPT
What Every Organization Should Log And Monitor
byAnton Chuvakin
 
PPTX
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
byAnton Chuvakin
 
PPTX
Using Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin
byAnton Chuvakin
 
PPTX
IT Security: Eliminating threats with effective network & log analysis
byManageEngine, Zoho Corporation
 
DOC
Logging "BrainBox" Short Article
byAnton Chuvakin
 
PPTX
Log Standards & Future Trends by Dr. Anton Chuvakin
byAnton Chuvakin
 
FIRST 2006 Full-day Tutorial on Logs for Incident Response
byAnton Chuvakin
 
Logs for Information Assurance and Forensics @ USMA
byAnton Chuvakin
 
Power of logs: practices for network security
byInformation Technology Society Nepal
 
Log Forensics from CEIC 2007
byAnton Chuvakin
 
UNIT -III SIEM aur baato kaise hai aap log.pdf
byhefagi6193
 
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
byguestc0c304
 
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
byAnton Chuvakin
 
Audit logs for Security and Compliance
byAnton Chuvakin
 
Best practises for log management
byBrian Honan
 
NIST 800-92 Log Management Guide in the Real World
byAnton Chuvakin
 
13 essential log_col_infog
byhuynhvanphuc
 
Making Logs Sexy Again: Can We Finally Lose The Regexes?
byAnton Chuvakin
 
The importance of logs - DefCamp 2012
byDefCamp
 
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
byAnton Chuvakin
 
What Every Organization Should Log And Monitor
byAnton Chuvakin
 
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
byAnton Chuvakin
 
Using Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin
byAnton Chuvakin
 
IT Security: Eliminating threats with effective network & log analysis
byManageEngine, Zoho Corporation
 
Logging "BrainBox" Short Article
byAnton Chuvakin
 
Log Standards & Future Trends by Dr. Anton Chuvakin
byAnton Chuvakin
 

More from Mohsin Ali

PPTX
RSA Algorithem and information about rsa
byMohsin Ali
 
PPTX
Digital signature by mohsin iftikhar
byMohsin Ali
 
PPTX
Principles of public key cryptography and its Uses
byMohsin Ali
 
PPTX
Contract What is Contract and its types
byMohsin Ali
 
PPTX
Professional ethical issue
byMohsin Ali
 
PPTX
Softwares open source shareware commercial Proprietary By Mohsin Iftikhar
byMohsin Ali
 
RSA Algorithem and information about rsa
byMohsin Ali
 
Digital signature by mohsin iftikhar
byMohsin Ali
 
Principles of public key cryptography and its Uses
byMohsin Ali
 
Contract What is Contract and its types
byMohsin Ali
 
Professional ethical issue
byMohsin Ali
 
Softwares open source shareware commercial Proprietary By Mohsin Iftikhar
byMohsin Ali
 

Recently uploaded

PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
PDF
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PDF
AI for Risk Management & Fraud Detection ppt.pdf
byalexmartincaneda
 
PDF
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 
PDF
Designing a Blog Using Wordpress
bymarkzubi50
 
PDF
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
PPTX
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
BEP-20 Token on BNB Chain: From Concept to Deployment.pdf
byimoliviabennett
 
PPTX
NTG - Data Center Management System Software
byMustafa Kuğu
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PDF
Mesh WiFi Router: The Smart Solution for Fast, Seamless, Whole-Home Internet
byAeroMesh Systems
 
PDF
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
PPTX
WEEK 1-introduction of industrial arts grade 7.pptx
byrosierufinomaliongan
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
AI for Risk Management & Fraud Detection ppt.pdf
byalexmartincaneda
 
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 
Designing a Blog Using Wordpress
bymarkzubi50
 
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
BEP-20 Token on BNB Chain: From Concept to Deployment.pdf
byimoliviabennett
 
NTG - Data Center Management System Software
byMustafa Kuğu
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
Mesh WiFi Router: The Smart Solution for Fast, Seamless, Whole-Home Internet
byAeroMesh Systems
 
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
WEEK 1-introduction of industrial arts grade 7.pptx
byrosierufinomaliongan
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 

Log maintenance network securiy

  • 1.
  • 2.
    LOG-Introduction • A logis a record of the events occurring within an organization’s systems and networks. Logs are composed of log entries; each entry contains information related to a specific event that has occurred within a system or network. Many logs within an organization contain records related to computer security. These computer security logs are generated by many sources, including security software, such as antivirus software, firewalls, and intrusion detection and prevention systems; operating systems on servers, workstations, and networking equipment; and applications.
  • 3.
    LOG Management-Benfits • Logmanagement is essential to ensuring that computer security records are stored in enough detail for an appropriate period of time. Routine log analysis is beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems. Logs are also useful when performing auditing and forensic analysis, supporting internal investigations, establishing baselines, and identifying operational trends and long-term problem
  • 4.
    The Basics ofComputer Security Logs • Logs can contain a wide variety of information on the events occurring within systems and networks. • Security software logs primarily contain computer security-related information
  • 5.
    Security Software Security softwareis a major source of computer security log data. Common types of network-based and host based security software include the following: Antimalware Software Intrusion Detection and Intrusion Prevention Systems Remote Access Software Web Proxies. Vulnerability Management Software Authentication Servers Authentication Servers. Routers Firewalls
  • 6.
    Log-Example Personal Firewall 3/6/2006 8:14:07AM,"Rule ""Block Windows File Sharing"" blocked (192.168.1.54, netbios-ssn(139)).",“ Rule ""Block Windows File Sharing"" blocked (192.168.1.54, netbios-ssn(139)). Inbound TCP connection. Local address,service is (KENT(172.30.128.27),netbios- ssn(139)). Remote address,service is (192.168.1.54,39922). Process name is ""System""." 3/3/2006 9:04:04 AM,Firewall configuration updated: 398 rules.,Firewall configuration updated: 398 rules.
  • 7.
    Usefulness of Logs •Detecting attacks, fraud, and wrong usage. For example, an intrusion detection system could record malicious commands issued to a server from an external host; this would be a primary source of attack information. An incident handler could then review a firewall log to look for other connection attempts from the same source IP address; This would be a secondary source of attack information. • Administrators using logs should also be mindful of the trustworthiness of each log source. Log sources that are not properly secured, including insecure transport mechanisms, are more susceptible to log configuration changes and log alteration
  • 8.
    The Need forLog Management • It helps to ensure that computer security records are stored in sufficient detail for an appropriate period of time. • Routine log reviews and analysis are beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems shortly after they have occurred, and for providing information useful for resolving such problems • Logs can also be useful for performing auditing and forensic analysis, supporting the organization’s internal investigations, establishing baselines, and identifying operational trends and longterm problems
  • 9.
    The Challenges inLog Management • Effectively balancing a limited amount of log management resources with an ever-increasing supply of log data • There are several potential problems with the initial generation of logs because of their variety and prevalence. • The confidentiality, integrity, and availability of generated logs could be breached inadvertently or intentionally • The people responsible for performing log analysis are often inadequately prepared and supported
  • 10.
    Log Generation andStorage • Many Log Sources • Inconsistent Log Content • Inconsistent Timestamps • Inconsistent Log Formats.
  • 11.
    Log Protection • Becauselogs contain records of system and network security, they need to be protected from breaches of their confidentiality and integrity. For example, logs might intentionally or inadvertently capture sensitive information such as users’ passwords and the content of e-mails. This raises security and privacy concerns involving both the individuals that review the logs and others that might be able to access the logs through authorized or unauthorized means. Logs that are secured improperly in storage or in transit might also be susceptible to intentional and unintentional alteration and destruction. This could cause a variety of impacts, including allowing malicious activities to go unnoticed and manipulating evidence to conceal the identity of a malicious party. For example, many rootkits are specifically designed to alter logs to remove any evidence of the rootkits’ installation or execution
  • 12.
    Log Analysis • Withinmost organizations, network and system administrators have traditionally been responsible for performing log analysis • It has often been treated as a low-priority task by administrators and management because other duties of administrators • Administrators who are responsible for performing log analysis often receive no training on doing it efficiently and effectively, particularly on prioritization
  • 13.
    Meeting the Challenges •Prioritize log management appropriately throughout the organization. • Establish policies and procedures for log management. • Create and maintain a secure log management infrastructure. • Provide adequate support for all staff with log management responsibilities
  • 14.
    Examples of LoggingConfiguration Settings