Security monitoring and auditing
Transcript of Security monitoring and auditing
Page 1
Security Monitoring and Auditing System
- Implementation considerations
K. Balamurugan, M.Tech CSE, 1st year, Network Security
Page 2
Auditing
- Auditing is used to determine security violations.
- Logging: recording system events and actions.
- Auditing: analysis of these records.
- Violations of security policies will be detected.
- Problems: 1. which information to log; 2. which information to audit.
Page 3
Auditing system components
- Solution: based on security policies.
- An auditing system consists of 3 components:
  1. Logger: collects the data
  2. Analyzer: analyses the data
  3. Notifier: reports the results
- Log viewing tool: for viewing the information, if it is recorded.
Page 4
Case Study: Microsoft Windows NT
- MS NT has three different sets of logs:
  1. System event log: system crashes, component failures, etc.
  2. Application event log: application-oriented logs.
  3. Security event log: logging in and out, overuse of system resources, and access to system files.
- Event viewer
- Header and description
Page 5
Case Study: Microsoft Windows NT
- The security log typically has the following fields:
- Date and time, source, user, computer, event id, type, etc.
- Description: for example, when IE is executed successfully by the administrator, this also gets logged.
- The analyser component takes the log as input and starts analysing it.
- Notifier: describes the problem to the user.
Page 6
Implementation Considerations
- Designing an auditing system involves some implementation considerations.
- Analysing the specific rules and axioms of a model reveals specific requirements for logging enough information to detect security violations.
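As an added example (not from the slides), the three components of page 3 wired together over records carrying the security-log fields of page 5, with one policy rule showing which fields must be logged for the analyzer to detect a violation. The rule (repeated failed logons by one user on one computer within a time window), the event id and the sample records are all constructed for this illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:  # one security-log record with the fields listed on page 5
    time: datetime
    source: str
    user: str
    computer: str
    event_id: int
    type: str  # "Success Audit" or "Failure Audit"

class Logger:  # collects the records, does no analysis
    def __init__(self):
        self.records = []
    def log(self, event):
        self.records.append(event)

class Analyzer:
    """Applies one policy rule (assumed for this example): `threshold`
    failed logons by one user on one computer within `window` is a violation."""
    def __init__(self, threshold=3, window=timedelta(minutes=5)):
        self.threshold, self.window = threshold, window
    def analyse(self, records):
        failures = defaultdict(list)
        for ev in sorted(records, key=lambda e: e.time):
            if ev.type == "Failure Audit":
                failures[(ev.user, ev.computer)].append(ev.time)
        violations = []
        for (user, computer), times in failures.items():
            # slide a window of `threshold` failures over the sorted times
            for i in range(len(times) - self.threshold + 1):
                if times[i + self.threshold - 1] - times[i] <= self.window:
                    violations.append((user, computer, times[i]))
                    break
        return violations

class Notifier:  # describes each problem to the user
    def report(self, violations):
        return [f"repeated failed logons for {u} on {c} from {t:%H:%M}"
                for u, c, t in violations]

def run_demo():  # feed constructed records through all three components
    logger, t0 = Logger(), datetime(2022, 8, 26, 9, 0)
    sample = [("admin", "Success Audit"), ("guest", "Failure Audit"),
              ("guest", "Failure Audit"), ("guest", "Failure Audit")]
    for i, (user, typ) in enumerate(sample):  # one record per minute
        logger.log(Event(t0 + timedelta(minutes=i), "Security", user, "PC1", 529, typ))
    return Notifier().report(Analyzer().analyse(logger.records))
```

Note that the rule cannot be evaluated if any of user, computer, type or time is missing from the records, which is the page 6 point about logging enough information.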