Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Securty Audit Correlating

from [Jose Costa] Network Security [Permanent Link]
Subject: Securty Audit Correlating
Date: Thu, 16 Dec 2004 16:54:53 -0300 (ART) 
Hi all,

Currently we are outsourcing our account creation,
password unlock/modify, folder creation/access control
and Internet/Applications Access Control to a third 
company and we need some audit and reports. We use AD
running on W2K Server.

Basically what we want to do is to activate GPO
Account Management and Object Access and create some
users with Admin/Account Operators rights and log
their object access on File Servers top folders and
account management tasks.

After that,we need to do some correlating with Help
Desk Tickets, based on time. We will audit that with
samples, not all logs or tickets.

The target is to discover if these accounts were used
without a help desk ticket, or they were used more
than they should be, based on the ticket.

My idea is to export both (event viewer and help desk
tickets) to a .txt, .cvs, etc file and compare them.
After that generate a report. I'd like to make some
automation for that...

Is there any best practices, samples, papers for that.

Any input or experience regarding it will be
appreciated.

Best Regards,

Jose Luiz


        
        
                
_______________________________________________________ 
Yahoo! Mail - Agora com 250MB de espaço gratuito. Abra 
uma conta agora! http://br.info.mail.yahoo.com/

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: services running in windows domain (winXP clients), Zack Schiel
Next by Date:  RE: services running in windows domain (winXP clients), Brady McClenon
Previous by Thread:  Subdomain security, Oren Held
Next by Thread:  Re: Securty Audit Correlating, SecurIT Informatique Inc.
Indexes:  [Date] [Thread] [Top] [All Lists]