In this video, Marc Menninger describes how to conduct log reviews. Learn how auditing logs help to reveal important facts about system and network security. Discover why log reviews are a key part of any technical security assessment.
- All systems should have audit logs enabled…to provide historical evidence of what occurred…on the systems.…The purpose of log reviews is to determine if systems…are adequately logging important security events…and if the organization is following it's own…logging policies and standards.…It should be fairly straight forward to compare…the written logging policies and standards if there are any…with the actually system audit logs and determine…if the correct logging is happening.…
System configuration settings should also indicate…what is being logged for additional confirmation.…For instance, an organization may require that…all failed and successful authentication attempts…should be logged.…If a system is found to log only successful…authentication attempts but not the failed attempts…that would be captured as a finding by the assessor.…Reviewing logs may also reveal system configuration problems…or even worse, evidence of unauthorized activity.…
One of the most famous cases of log reviews…indicating unauthorized activity is described…
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.
Skill Level Intermediate
1. Overview of Technical Security Assessments
2. Technical Security Assessment Reviews
3. Identify and Analyze Targets
4. Validate Target Vulnerabilities
5. Planning Technical Security Assessments
6. Executing the Technical Security Assessment
7. Post-Testing Activities
Report the results2m 16s
Next steps1m 32s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.