Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Log checking programs

from [List Spam] Network Security [Permanent Link]
Subject: Re: Log checking programs
Date: Mon, 24 Jul 2006 13:53:14 -0700 
Check the "Data Analysis" section of the library at
http://www.loganalysis.org and spend 15 minutes reading.  You'll thank
yourself as you dig around and expand on your log alerting goals.

BTW...What defines suspicious activity?  From my point of view, failed
login log entries are expected and perfectly desired behavior when
someone fails to login to a logged facility...  You see, raw data is
just that - raw data - no matter if it lives in a log file or in an
email inbox.  Without having some method of analyzing/trending the
data, the data in and of itself is generally useless.

Sure, spot checks may identify a quirk or two that you can fix, but in
your example of suspicious activity being failed logins, how will that
allow you to find unauthorized SUCCESSFUL logins which, I humbly
suggest, would be infinitely better suited to the term "suspicious
activity"?

I'm not trying to burst your bubble - more people need to actually do
something with their logs and you are trying to do so.  Just be
cautious and don't get lulled into a false sense of security by
looking at the top layer (again your example of failed logins) without
taking the time to analyze and peel back all of the onion layers.

Happy hunting,

RE

On 24 Jul 2006 09:47:38 -0000, esecuritydude@googlemail.com
<esecuritydude@googlemail.com> wrote:

Hi all,


I am looking for some sort of program to check AD security event logs. 
Something or some way to automate checking the logs on the Domain Controllers 
and sending reports of suspicious activity to an email or something. e.g. 
Failed Logins etc...


Suggestions welcome,


Thanks in Advance,

Miguel

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Email Interception/Theft Statistics, david_98103
Next by Date:  Re: ADS Password Storage Protection, Michael Rice
Previous by Thread:  RE: Log checking programs, Depp, Dennis M.
Next by Thread:  Checkmate - A blog on Digital Forensics and Incident Response, checkmate
Indexes:  [Date] [Thread] [Top] [All Lists]