From the course: Performing a Technical Security Audit and Assessment
Conduct log reviews
- All systems should have audit logs enabled to provide historical evidence of what occurred on the systems. The purpose of log reviews is to determine if systems are adequately logging important security events and if the organization is following its own logging policies and standards. It should be fairly straightforward to compare the written logging policies and standards, if there are any, with the actual system audit logs and determine if the correct logging is happening. System configuration settings should also indicate what is being logged for additional confirmation. For instance, an organization may require that all failed and successful authentication attempts should be logged. If a system is found to log only successful authentication attempts but not the failed attempts, that would be captured as a finding by the assessor. Reviewing logs may also reveal system configuration problems or, even worse, evidence of unauthorized activity. One of the most famous cases of log…
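The policy-versus-log comparison described above can be scripted. The following is an added example, not part of the course material: the required event classes, host names and log lines are constructed for illustration, and the patterns assume OpenSSH `sshd` messages in syslog format. A missing event class is a candidate finding that still has to be confirmed against the system's logging configuration.

```python
import re
from collections import Counter

# Hypothetical policy for this example: event classes the written standard requires.
REQUIRED_EVENTS = {"auth_success", "auth_failure"}

# Patterns for OpenSSH sshd authentication messages as written to syslog.
PATTERNS = {
    "auth_success": re.compile(
        r"sshd\[\d+\]: Accepted (password|publickey) for (?P<user>\S+) from (?P<src>\S+)"),
    "auth_failure": re.compile(
        r"sshd\[\d+\]: Failed (password|publickey) for (invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
}

# Constructed sample logs (not real data). hostb records only successful logins.
HOST_A = [
    "Mar  4 09:12:01 hosta sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
    "Mar  4 09:14:37 hosta sshd[2240]: Failed password for invalid user admin from 198.51.100.7 port 41522 ssh2",
    "Mar  4 09:14:40 hosta sshd[2240]: Failed password for bob from 198.51.100.7 port 41530 ssh2",
]
HOST_B = [
    "Mar  4 10:01:15 hostb sshd[901]: Accepted password for carol from 192.0.2.44 port 51200 ssh2",
    "Mar  4 10:20:02 hostb sshd[955]: Accepted publickey for dave from 192.0.2.45 port 51888 ssh2",
    "Mar  4 10:20:02 hostb sshd[955]: pam_unix(sshd:session): session opened for user dave by (uid=0)",
]

def classify(line):
    """Return the policy event class a log line belongs to, or None."""
    for name, pattern in PATTERNS.items():
        if pattern.search(line):
            return name
    return None

def review(lines, required=REQUIRED_EVENTS):
    """Count events per class and list required classes absent from the sample."""
    counts = Counter(c for c in map(classify, lines) if c)
    return {"counts": dict(counts), "missing": sorted(required - set(counts))}

def findings(hosts):
    """Produce one candidate finding per host and missing event class."""
    out = []
    for host, lines in sorted(hosts.items()):
        for event in review(lines)["missing"]:
            out.append(f"{host}: no {event} events in reviewed sample; "
                       "confirm against logging configuration")
    return out

if __name__ == "__main__":
    for finding in findings({"hosta": HOST_A, "hostb": HOST_B}):
        print(finding)
```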
Contents
- Required skillsets (2m 52s)
- Conduct documentation reviews (2m 8s)
- Conduct log reviews (3m 4s)
- Conduct ruleset reviews (2m 57s)
- Conduct system configuration reviews (3m 35s)
- Conduct network sniffing (1m 43s)
- Network sniffing tool demo: Wireshark (3m 21s)
- Conduct file integrity checking (4m 55s)
- File integrity checking tool demo (1m 18s)
- Challenge: Pick the right reviews (1m 6s)
- Solution: Pick the right reviews (3m 9s)