
36     Chapter 1 • General Security Concepts: Access Control, Authentication, and Auditing

found in the Syngress books Security Log Management: Identifying Patterns in the Chaos and Microsoft Log Parser Toolkit.


Damage & Defense…

Read Those Logs!

One of the major problems with auditing is the simple fact that many network administrators do not have time to read and analyze the log files on a regular basis. Auditing provides us with the ability not only to provide a chronological path of access or attack, but also to spot trends of unauthorized activity so that they can be blocked before they do any damage. Unfortunately, many organizations do not devote the time to examine audit logs until after an attack. Good maintenance and procedures regarding the analysis of the log files will benefit your security efforts.

This may seem a daunting task when a large amount of log data is concerned. Tools such as Microsoft Log Parser, and other free tools geared towards this purpose, have been developed to help. By analyzing the log files for patterns or specific data, you can reduce the time required to review them. The difference between reading logs line-by-line and scanning them for suspicious activity can be hours of time savings.
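The sidebar's point is that scanning logs for patterns (rather than reading every line) is what makes trend spotting practical. The following Python script is an added example, not code from the book or from Microsoft Log Parser; it parses a handful of constructed sshd-style log lines, counts failed logins per source address, and flags any source that produces a burst of failures inside a short time window. The threshold, window size, log format and sample lines are all assumptions chosen for the illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (syslog/sshd style); these are not from the book.
SAMPLE_LOG = """\
Mar 12 08:01:02 gw sshd[4411]: Accepted password for alice from 10.0.0.5 port 51122 ssh2
Mar 12 08:01:40 gw sshd[4412]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar 12 08:01:41 gw sshd[4413]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar 12 08:01:43 gw sshd[4414]: Failed password for admin from 203.0.113.7 port 40003 ssh2
Mar 12 08:01:44 gw sshd[4415]: Failed password for admin from 203.0.113.7 port 40004 ssh2
Mar 12 08:01:46 gw sshd[4416]: Failed password for invalid user oracle from 203.0.113.7 port 40005 ssh2
Mar 12 08:02:30 gw sshd[4417]: Failed password for bob from 10.0.0.9 port 51200 ssh2
Mar 12 08:02:45 gw sshd[4418]: Accepted password for bob from 10.0.0.9 port 51201 ssh2
Mar 12 09:15:10 gw sshd[4500]: Failed password for root from 203.0.113.7 port 40100 ssh2
"""

# Assumed line format: "<Mon DD HH:MM:SS> <host> sshd[pid]: Accepted|Failed password for [invalid user] <user> from <src> port <n> ..."
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

FAILURE_THRESHOLD = 5          # assumed: this many failures within WINDOW is a burst
WINDOW = timedelta(minutes=1)  # assumed burst window


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; strptime defaults to 1900, which is fine
    # for comparing events that all fall in the same log file.
    return {
        "ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
        "result": m.group("result"),
        "user": m.group("user"),
        "src": m.group("src"),
    }


def failures_by_source(lines):
    """Count failed logins per source address and record which usernames each tried."""
    counts = Counter()
    users = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["result"] == "Failed":
            counts[ev["src"]] += 1
            users[ev["src"]].add(ev["user"])
    return counts, users


def find_bursts(lines, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Return {src: max failures seen inside any `window`} for sources reaching `threshold`."""
    per_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["result"] == "Failed":
            per_src[ev["src"]].append(ev["ts"])
    bursts = {}
    for src, stamps in per_src.items():
        stamps.sort()
        best, j = 0, 0
        for i in range(len(stamps)):
            # slide the window end forward while it stays within `window` of the start
            while j < len(stamps) and stamps[j] - stamps[i] <= window:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            bursts[src] = best
    return bursts


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    counts, users = failures_by_source(lines)
    for src, n in counts.most_common():
        print(f"{src}: {n} failed logins, users tried: {sorted(users[src])}")
    for src, n in find_bursts(lines).items():
        print(f"BURST: {src} produced {n} failures within {WINDOW}")
```

Run as-is, the script reports one burst from 203.0.113.7 (five failures in six seconds against three different usernames) and leaves the single failed attempt by bob, followed by a successful login, unflagged. The same two functions work on a real auth log by replacing `SAMPLE_LOG.splitlines()` with the file's lines; the regex is the part to adapt to another log format.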


System Scanning

System scanning, when viewed from the context of a security system specialist or security administrator, is the use of appropriate technologies to detect and repair potential areas of vulnerability within the system. This involves tools that are used to evaluate potential or real problems that could lead to a security breach. Among these, you may see or use tools that:

■ Check the strength of and compliance with password policies
■ Measure the ability to access networks from an outside or foreign network
■ Provide analysis of known security vulnerabilities in NOS or hardware devices
■ Test a system's responses to various scenarios that could lead to Denial of Service (DoS) or other problems such as a system crash

System scanning is useful in a number of different areas. In addition to scanning for security weaknesses, it is useful in monitoring tools that have been used in the past to monitor network and device performance, as well as in specialized scanning
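The first category in the list above, checking compliance with a password policy, is the simplest to illustrate. The following Python script is an added example, not code from the book or from any particular scanning product; it evaluates candidate passwords against a small rule set and produces the kind of per-rule summary a policy scan would report. The policy values, rule names and sample passwords are assumptions constructed for the illustration; in practice such a check runs on a candidate password at change time, since stored passwords should only exist as hashes.

```python
import re
import string
from collections import Counter

# Assumed policy values (constructed for this example).
POLICY = {
    "min_length": 12,
    "min_classes": 3,      # of: lowercase, uppercase, digits, symbols
    "max_repeat": 3,       # no character may appear more than 3 times in a row
    "banned_substrings": ("password", "company", "admin"),
}


def char_classes(pw):
    """Count how many character classes (lower, upper, digit, symbol) the password uses."""
    classes = 0
    classes += any(c.islower() for c in pw)
    classes += any(c.isupper() for c in pw)
    classes += any(c.isdigit() for c in pw)
    classes += any(c in string.punctuation for c in pw)
    return classes


def check_password(pw, policy=POLICY):
    """Return the list of policy rules the password violates; an empty list means compliant."""
    violations = []
    if len(pw) < policy["min_length"]:
        violations.append("min_length")
    if char_classes(pw) < policy["min_classes"]:
        violations.append("min_classes")
    # (.)\1{N,} matches a character followed by N or more copies of itself,
    # i.e. N+1 identical characters in a row.
    if re.search(r"(.)\1{%d,}" % policy["max_repeat"], pw):
        violations.append("max_repeat")
    lowered = pw.lower()
    if any(bad in lowered for bad in policy["banned_substrings"]):
        violations.append("banned_substring")
    return violations


def audit(passwords, policy=POLICY):
    """Return (number of compliant passwords, Counter of violations per rule)."""
    compliant = 0
    per_rule = Counter()
    for pw in passwords:
        v = check_password(pw, policy)
        if not v:
            compliant += 1
        per_rule.update(v)
    return compliant, per_rule


# Constructed sample candidates (not real credentials).
SAMPLE_PASSWORDS = [
    "Tr0ub4dor&3xample",   # compliant
    "password123",         # too short, too few classes, banned word
    "Aaaaa1111!!!!xyz",    # long and varied but has runs of repeated characters
]

if __name__ == "__main__":
    for pw in SAMPLE_PASSWORDS:
        print(f"{pw!r}: {check_password(pw) or 'OK'}")
    ok, per_rule = audit(SAMPLE_PASSWORDS)
    print(f"{ok}/{len(SAMPLE_PASSWORDS)} compliant; failures by rule: {dict(per_rule)}")
```

The per-rule counter is the useful output for an administrator: it shows which rule users most often trip over, which is the trend a policy review would act on, rather than just a pass/fail per password.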



          www.syngress.com