Archive for the ‘100 uses of Log Management’ Category

100 Log Management uses #67 Secure Auditing – Solaris

Monday, August 9th, 2010

Today we continue our series on Secure Auditing with a look at Solaris and the C2 or BSM (Basic Security Module) option.

-Ananth


100 Log Management uses #66 Secure Auditing – LAuS

Thursday, July 8th, 2010

Today we continue our series on Secure Auditing with a look at LAuS, the Linux Audit-Subsystem Design secure auditing implementation in Linux. Red Hat and openSUSE both have supported implementations, but LAuS is available in the generic Linux kernel as well.

-Ananth


100 Log Management uses #65 Secure Auditing – Introduction

Monday, June 7th, 2010

This post introduces the concepts behind secure auditing. In subsequent posts we will look at secure auditing implementations in several of the Unix (Solaris, AIX, HP-UX) and Linux distributions. My apologies that this intro is a bit long at about 10 minutes but I think the foundation is worthwhile.

-Ananth


100 Log Management uses #64: Tracking user activity, Part III

Monday, April 26th, 2010

Continuing our series on user activity monitoring, today we look at something that is very hard to do in Vista and later, and impossible in XP and earlier — that is, reporting on system idle time. The only way to accomplish this in Windows is to set up a domain policy to lock the screen after a certain amount of time and then calculate from the time the screen saver is invoked to when it is cleared. In XP and prior, however, the invocation of the screen saver does not generate an event, so you are out of luck. In Vista and later, an event is triggered, so it is slightly better, but even there the information generated should only be viewed as an estimate, as the method is not fool-proof. We’ll look at the pros (few) and cons (many). Enjoy.

- Ananth


100 Log Management uses #63: Tracking user activity, Part II

Wednesday, April 14th, 2010

Today we continue our series on user activity monitoring using event logs. The beginning of any analysis of user activity starts with the system logon. We will take a look at some sample events and describe the types of useful information that can be pulled from the log. While we are on user logons, we will also take a short diversion into failed user logons. While perhaps not directly useful for activity monitoring, paying attention to logon attempts is also critical.

- Ananth


100 Log Management uses #62: Tracking user activity

Wednesday, April 7th, 2010

Today we begin a new miniseries – looking at and reporting on user activities. Most enterprises restrict what users are able to do — such as playing computer games during work hours. This can be done through software that restricts access, but often it is simply enforced on the honor system. Regardless of which approach a company takes, analyzing logs gives a pretty good idea of what users are up to. In the next few sessions we will take a look at the various logs that get generated and what can be done with them.

- Ananth


100 Log Management uses #61: Static IP address conflicts

Wednesday, March 31st, 2010

Today we look at an interesting operational use case of logs that we learned about by painful experience — static IP address conflicts. We have a pretty large number of static IP addresses assigned to our server machines. Typical of a smaller company, we assigned IP addresses and recorded them in a spreadsheet. Well, one of our network guys made a mistake and we ended up having problems with duplicate addresses. The gremlins came out in full force and nothing seemed to be working right! We used logs to quickly diagnose the problem. Although I mention a Windows pop-up as a possible means of being alerted to the problem, I can safely say we did not see it, or if we did, we missed it.

- Ananth


100 Log Management uses #60: The top 10 workstation reports that must be reviewed to improve security and prevent outages

Tuesday, March 9th, 2010

In the conclusion of our three-part series on monitoring workstations, we look at the 10 reports that you should run and review to increase your overall security and prevent outages.

-Ananth


100 Log Management uses #59: 6 items to monitor on workstations

Thursday, February 25th, 2010

In part 2 of our series on workstation monitoring we look at the 6 things that are in your best interest to monitor — the types of things that, if you proactively monitor them, will save you money by preventing operational and security problems. I would be very interested if any of you monitor other things that you feel would be more valuable. Hope you enjoy it.

-Ananth


100 Log Management uses #58: The why, how and what of monitoring logs on workstations

Thursday, February 18th, 2010

Today we are going to start a short series on the value of monitoring logs on Windows workstations. It is commonly agreed that log monitoring on servers is a best practice, but until recently the complexity and expense of log management on workstations made most people shy away. Log monitoring on the workstation is valuable, and easy as well, if you know what to look for. These next 3 blogs will tell you the why, how and what.

-Ananth
