Security Monitoring and Auditing System: Implementation Considerations
K. Balamurugan
M.Tech CSE, 1st year
Network Security
Auditing
- Auditing is used to determine security violations.
- Logging: recording system events and actions.
- Auditing: analysis of these records.
- Violations of security policies will be detected.
- Problems:
  1. Which information to log?
  2. Which information to audit?
Auditing System Components
- Solution: base these decisions on the security policies.
- An auditing system consists of three components:
  1. Logger: collects the data.
  2. Analyzer: analyses the data.
  3. Notifier: reports the results.
- Log viewing tool: used if the information is recorded.
Case Study: Microsoft Windows NT
- MS Windows NT has three different sets of logs:
  1. System event log: system crashes, component failures, etc.
  2. Application event log: application-oriented logs.
  3. Security event log: logging in and out, overuse of system resources, and access to system files.
- Event Viewer
- Header and description
Case Study: Microsoft Windows NT
- The security log typically has the following fields:
  date and time, source, user, computer, event id, type, etc.
- Description: even when IE is executed successfully by the administrator, the event gets logged.
- The analyser component takes the log as input and analyses it.
- Notifier: describes the problem to the user.
Implementation Considerations
- Designing an auditing system involves some implementation considerations.
- Analysing the specific rules and axioms of a model reveals specific requirements for logging enough information to detect security violations.
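The three-component auditing system (logger, analyzer, notifier) run over NT-style security-log records with the fields listed above, as an added example that is not part of the original slides. The sample records, their event ids and the two policy rules (repeated failed logons; system-file access by a non-Administrator account) are constructed for illustration and are not real Windows values.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed NT-style security-log records (date/time, source, user, computer,
# event id, type, description); event ids and all values are made up for this example.
SAMPLE_LOG = [
    "1998-03-01 09:00:01\tSecurity\tAdministrator\tNTSRV1\t1001\tSuccess Audit\tLogon succeeded",
    "1998-03-01 09:05:10\tSecurity\tguest\tNTSRV1\t1002\tFailure Audit\tLogon failed: bad password",
    "1998-03-01 09:05:15\tSecurity\tguest\tNTSRV1\t1002\tFailure Audit\tLogon failed: bad password",
    "1998-03-01 09:05:20\tSecurity\tguest\tNTSRV1\t1002\tFailure Audit\tLogon failed: bad password",
    "1998-03-01 09:10:00\tSecurity\tjsmith\tNTSRV1\t1003\tSuccess Audit\tObject access: system file opened",
    "1998-03-01 09:12:00\tSecurity\tAdministrator\tNTSRV1\t1003\tSuccess Audit\tObject access: system file opened",
]

@dataclass
class Event:
    timestamp: str
    source: str
    user: str
    computer: str
    event_id: int
    event_type: str
    description: str

def logger(raw_lines):
    """Logger component: turn raw tab-separated records into structured events."""
    events = []
    for line in raw_lines:
        ts, src, user, comp, eid, etype, desc = line.split("\t")
        events.append(Event(ts, src, user, comp, int(eid), etype, desc))
    return events

def analyzer(events, max_failures=3):
    """Analyzer component: apply the site's policy rules, return the violations found."""
    violations = []
    # Rule 1: repeated failed logons by one user (a sign of password guessing).
    failures = Counter(e.user for e in events if e.event_type == "Failure Audit" and "logon" in e.description.lower())
    for user, n in sorted(failures.items()):
        if n >= max_failures:
            violations.append(f"{n} failed logons for user {user}")
    # Rule 2: system-file access by any account other than Administrator.
    for e in events:
        if "system file" in e.description.lower() and e.user != "Administrator":
            violations.append(f"{e.user} opened a system file on {e.computer} at {e.timestamp}")
    return violations

def notifier(violations):
    """Notifier component: format the analyzer's findings for the operator."""
    return "\n".join(f"ALERT: {v}" for v in violations) if violations else "no violations found"
```

Calling `notifier(analyzer(logger(SAMPLE_LOG)))` reports the three failed guest logons and the system-file access by jsmith, while the Administrator's identical access is accepted by policy; which events the logger must keep is dictated by which rules the analyzer needs to evaluate.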