Tracking the Inside Intruder Using Net Logon Debug Logging in Microsoft Windows Server Operating Systems
Davis, CS
Savannah River Site (S.C.)
Keywords: Intrusion Detection Systems; 99 General And Miscellaneous//Mathematics, Computing, And Information Science; Detection; Internet; N Codes
DOI: 10.2172/821103 RP-ID: WSRC-TR-2004-00011 RP-ID: AC09-96SR18500 RP-ID: 821103
United States | English
Source: UNT Digital Library
【 Abstract 】
In today's well-connected environments of the Internet, intranets, and extranets, protecting the Microsoft Windows network can be a daunting task for the security engineer. Intrusion Detection Systems are a must-have for most companies, but few have either the financial resources or the people resources to implement and maintain full-scale intrusion detection systems for their networks and hosts. Many will at least invest in intrusion detection for their Internet presence, but others have not yet stepped up to the plate with regard to internal intrusion detection. Unfortunately, most attacks will come from within. Microsoft Windows server operating systems are widely used across both large and small enterprises. Unfortunately, there is no intrusion detection built into the Windows server operating system. The security logs are valuable but can be difficult to manage even in a small to medium-sized environment. So the question arises, can one effectively detect and identify an inside intruder using the native tools that come with Microsoft Windows Server operating systems? One such method is to use Net Logon Service debug logging to identify and track malicious user activity. This paper discusses how to use Net Logon debug logging to identify and track malicious user activity both in real-time and for forensic analysis.
【 Preview 】
Files | Size | Format | View |
---|---|---|---|
821103.pdf | 135KB | download |