Network Security Library

Logging





A Security Analysis of System Event Logging with Syslog
An analysis of the system event logging protocol, syslog, is discussed. A review of the problems with the syslog protocol is described. These security problems include the transmission of system log data in clear text, the use of UDP for network transfer, and the storage of event data in cleartext. A survey of some of the syslog replacements was done. The paper concludes with a discussion of how one might go about creating a reasonably secure logging infrastructure.
By Kenneth E. Nawyn, 04/15/2004


Centralizing Event Logs on Windows 2000
This case study will detail how I set up a central repository for server logs and daily notifications of events that might indicate a security incident. This was done on a limited budget using free tools available from the Internet and software already in use for other projects. My goal was to consolidate the Event Viewer logs, Internet Information Services (IIS) logs, and UrlScan logs from 15 Windows 2000 web servers into a database I could query against. I would then have the results of the queries automatically emailed to me.
By Gregory Lalla, 04/15/2004


Effective Logging & Use of the Kiwi Syslog Utility
This paper will familiarize the reader with the basics of syslog as defined by RFC 3164, describe some variations of syslog as implemented by various network hardware vendors, provide an overview specifically of Kiwi's syslog utility and its functionality, demonstrate basic configuration of the syslog utility, and finally provide examples of some advanced configurations of the syslog utility that will offer specific automated functionality tailored toward specific needs. Screenshots and other information will be presented in order to provide a clearer understanding of how to accomplish these tasks using the utility. After reading this document, a security professional should have a good understanding of how Kiwi's syslog utility could be implemented to provide an effective means of gathering network information used for a wide range of tasks.
By Brian R. Wilkins, 04/15/2004


Importance of Understanding Logs from an Information Security Standpoint
Information Security has many facets and branches, but to really understand what is going on in this new world, you need the ability to read, translate, and understand the wide variety of logs generated by the information stream. This document will discuss the importance of logs in the 21st century, and give an idea of what problems Information Security professionals face when trying to analyze them. We start from the beginning by defining what a log really is and what its purpose is. Then we talk about ways to improve your understanding of logs, how to decipher their cryptic formats, and how to manage logs effectively. Finally we wrap up with a discussion of the legalities of logs, and why it is so critical to effectively manage, maintain, and secure logs.
By Stewart Allen, 04/15/2004


Syslog and Netsaint: How to Integrate Centralized Logging with Centralized Monitoring
In today's organization, where NT and Linux servers are popping up alongside midrange UNIX servers, there is a growing need for centralized management. Many commercial products attempt to solve this problem by providing software that integrates centralized host management, single sign-on, SNMP monitoring, and remote control tools. These packages can be very costly and difficult to implement successfully across the enterprise. It is possible to achieve the same tasks with open-source software and the built-in utilities that most OSes provide. This paper will address three aspects of centralized management: 1) centralized log management, 2) centralized monitoring, and 3) the integration of the two technologies. The integration of these two technologies will give the overworked systems administrator more time to proactively manage his/her systems by virtually eliminating time spent poring over log files and constantly checking system status.
By Richard Murphy, 04/15/2004


Getting the Most out of your Firewall Logs
A good security solution has many layers or components, an approach commonly referred to as "Defense in Depth". Regardless of which types of security solutions are being implemented, logging is critical to ensure their implementation is running smoothly as well as to keep tabs on what is happening in an environment. While it is easy to suggest that all logs should be looked at on a weekly, if not daily, basis, the amount of information commonly logged is so great, and often in a format that is so difficult to understand, that review becomes a tedious job that more often than not gets overlooked. As a result, logs are either not reviewed at all or given only a cursory review, which results in the most critical items being missed altogether.
By Matt Willard, 04/08/2004


Using ISA Server Logs to Interpret Network Traffic
Firewalls are necessary for a defense-in-depth strategy. Microsoft entered the firewall market with Internet Security and Acceleration Server (ISA Server). ISA Server was a follow-on release of Microsoft Proxy Server and part of the .Net Family. As with most Microsoft products, logging capabilities are included. ISA Server contains detailed security and access logs. You can install ISA Server in three different modes: firewall mode, web caching mode, or integrated mode. In firewall mode, you can secure communication between an internal network and the Internet using rules. You can publish internal servers so that their services are available to Internet users. In web caching mode, you can decrease network bandwidth with ISA Server storing commonly accessed objects locally. You can route web requests from the Internet to an internal Web Server. In integrated mode, all of these features are available.
04/08/2004


Practical Implementation of Syslog in Mixed Windows Environments for Secure Centralized Audit Logging
The Event log service is by design a distributed system, and there are no native Windows tools available to facilitate centralization of logging functions. In addition, the failure to conform to any external logging format standard makes it impossible to interoperate with the logging functions of other operating systems or network devices. The Windows Event viewer application offers only basic functionality and is inadequate for monitoring the audit log files of any medium to large size network. In this paper, I survey some of the options available to access the Windows Event log and demonstrate how to implement a versatile centralized remote logging solution using a commercially available Win32 implementation of the Syslog protocol.
By Frederick C Garbrecht, 04/03/2004


Event Logs: Defining Their Purpose in Today's Network Security Environment
The purpose of this research topic is to identify the purpose of the event log in today's network security environment. This topic came about to solve an everyday business problem. Simply, there is not enough time in the day to perform all security analyst tasks and adequately monitor all network security devices. However, the expectation was that monitoring all components of network security is essential. It's the way things had been done, and anything short of that may render a device or component of network security "insecure". It was clear that something must be done.
By Steve Meyer, 03/28/2004


Case Study: Implementing a Centralized Logging Facility
During the past several years I have found that there is an increase in the number of Windows-based systems appearing in our predominantly all-UNIX environment. This has been a downfall, especially since UNIX and Windows systems are so different with regard to logging facilities, UNIX with its syslog facilities and Windows with its Eventlog; therefore I needed to find a way so that our Windows and UNIX systems could utilize a more robust logging facility. With budget concerns being a major contributing factor, I needed to find a solution that was inexpensive. Therefore all the items that I chose to implement at this time are freeware and applications that already exist in our environment. The Windows systems needed to be configured so that they would audit the proper events and then forward them on to a UNIX system for storage and eventually analysis. Next, the UNIX systems needed a bit of tuning to get syslog to log the correct items. Finally, the logs needed to be retained and rotated.
By Richard L. DuClos, 03/28/2004



Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget