School: DeVry University, Denver (we aren't endorsed by this school)
Course: 247C
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 4
Uploaded by arlne7732
Assignment

1. Describe information found in logs and the value it might have in a security investigation.
While conducting the steps in the practice lab, none of the audit policies were configured by default. Each of the subcategories would need to be configured to audit the following events:
  Success
  Failure
The information found in the logs, and its value, would be the following:
User IDs
Date and time
  Log in
  Log off
  Other key events
Terminal identity
Attempts to access systems, data or applications
  Failures
  Successful
Files and networks accessed
Changes to the configuration
Use of system utilities
Events
  Triggered alarms
  Exceptions
  Other security related events
Activation of protection systems
  Antivirus
  Intrusion detection systems
  Antimalware
All of the above must be in the log when investigating any type of incident.
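As an added example (not part of the assignment or its source), here is how the items in that list turn into evidence during an investigation: a few constructed Windows Security events exported as JSON lines are parsed, laid out as a timeline (who, when, from which terminal), and then checked for a burst of failed logons followed by a success and for what the account did afterwards. The event records, account names, hosts and addresses are made up; the event IDs (4624, 4625, 4634, 4663, 4719) are the standard Windows Security log IDs for the listed categories.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security events exported as JSON lines (one
# event per line). Accounts, hosts, addresses and times are made up for this
# example; the event IDs are the standard Windows Security log IDs.
SAMPLE_EVENTS = r"""
{"TimeCreated": "2024-04-03T08:00:10", "EventID": 4625, "TargetUserName": "jdoe", "WorkstationName": "WS-17", "IpAddress": "10.0.0.45", "LogonType": 3}
{"TimeCreated": "2024-04-03T08:00:12", "EventID": 4625, "TargetUserName": "jdoe", "WorkstationName": "WS-17", "IpAddress": "10.0.0.45", "LogonType": 3}
{"TimeCreated": "2024-04-03T08:00:15", "EventID": 4625, "TargetUserName": "jdoe", "WorkstationName": "WS-17", "IpAddress": "10.0.0.45", "LogonType": 3}
{"TimeCreated": "2024-04-03T08:00:20", "EventID": 4624, "TargetUserName": "jdoe", "WorkstationName": "WS-17", "IpAddress": "10.0.0.45", "LogonType": 3}
{"TimeCreated": "2024-04-03T08:05:00", "EventID": 4719, "SubjectUserName": "jdoe", "WorkstationName": "DC01"}
{"TimeCreated": "2024-04-03T08:06:30", "EventID": 4663, "SubjectUserName": "jdoe", "ObjectName": "C:\\Finance\\payroll.xlsx", "AccessMask": "0x1"}
{"TimeCreated": "2024-04-03T08:30:00", "EventID": 4634, "TargetUserName": "jdoe", "LogonType": 3}
{"TimeCreated": "2024-04-03T09:00:00", "EventID": 4624, "TargetUserName": "asmith", "WorkstationName": "WS-02", "IpAddress": "10.0.0.12", "LogonType": 2}
"""

# The event IDs that the list above maps onto: logon/logoff, success/failure,
# configuration changes and file access.
EVENT_NAMES = {
    4624: "logon success",
    4625: "logon failure",
    4634: "logoff",
    4663: "object access",
    4719: "audit policy changed",
}


def parse_events(text):
    """Parse JSON-lines events and return them sorted by time."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["TimeCreated"] = datetime.fromisoformat(rec["TimeCreated"])
        events.append(rec)
    return sorted(events, key=lambda e: e["TimeCreated"])


def actor(event):
    """User ID the event is about (target for logon events, subject otherwise)."""
    return event.get("TargetUserName") or event.get("SubjectUserName", "?")


def timeline(events):
    """One human-readable row per event: when, what, who, from which terminal."""
    return [
        f"{e['TimeCreated'].isoformat()} {EVENT_NAMES.get(e['EventID'], e['EventID'])}"
        f" user={actor(e)} host={e.get('WorkstationName', '?')}"
        for e in events
    ]


def failed_then_success(events, min_failures=3, window=timedelta(minutes=5)):
    """Accounts with >= min_failures failed logons followed by a success within window.

    The pattern (several 4625 then a 4624 for the same account) is only visible
    when both Success and Failure auditing are enabled for the Logon subcategory.
    """
    failures = defaultdict(list)
    hits = []
    for e in events:
        user = e.get("TargetUserName")
        if e["EventID"] == 4625:
            failures[user].append(e["TimeCreated"])
        elif e["EventID"] == 4624:
            recent = [t for t in failures[user] if e["TimeCreated"] - t <= window]
            if len(recent) >= min_failures:
                hits.append({
                    "user": user,
                    "failures": len(recent),
                    "success_at": e["TimeCreated"],
                    "source": e.get("IpAddress"),
                    "host": e.get("WorkstationName"),
                })
            failures[user].clear()
    return hits


def activity_after(events, user, since):
    """Configuration changes and file access by an account after a point in time."""
    return [
        e for e in events
        if e["TimeCreated"] >= since
        and actor(e) == user
        and e["EventID"] in (4663, 4719)
    ]


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    print("\n".join(timeline(evts)))
    for hit in failed_then_success(evts):
        print("suspicious:", hit)
        for e in activity_after(evts, hit["user"], hit["success_at"]):
            print("  followed by:", EVENT_NAMES[e["EventID"]], e.get("ObjectName", ""))
```

Run as a script it prints the timeline, then the one account whose three failures within five minutes were followed by a success, and the audit-policy change and file access that account made afterwards. If Failure auditing for Logon were left off, the 4625 events would never be written and the first function would find nothing, which is the practical meaning of "value in an investigation".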
2. Active Directory audit policy settings are critical to the overall audit capability of the network. Explain why.
So, Active Directory does automatically audit certain security events. In turn, auditing must be enabled for these events to start writing them to the event logs. For this you would need to provide certain permissions. To do so, you would need to create a group policy object (GPO) and deploy it on the domain controllers in Active Directory.
3. What are the risks associated with logging too little data or not auditing the correct events?
The risks associated with logging too little or not auditing the correct events are many. There can be hackers who go unnoticed. In that case there is no proof of whether or not this hacker was the cause of a security breach. There can be malicious attacks that pass right under your nose, and all sensitive information is leaked. No one would know how to explain this situation.
4. What are the risks associated with logging too many events?
There are no risks associated with logging too many events. All logs are very important for security and for process-improvement reasons. Logs can be kept for a month; for any suspicious systems, this should be done for about 6 months.
5. What is the impact on security and security investigations of using default configuration settings to create audit logs?
By default, if you define a value for a policy in one of the top-level categories (either in the computer's Local Security Policy or in an applicable GPO), then that top-level policy will usually override any configuration that you make at the subcategory level. Under Windows' default behavior, subcategory policies take effect only when you leave the related top-level category undefined in the Local Security Policy and in all applicable GPOs. If a category policy is defined, then all subcategory policies under that category will be defined. We stress "usually" and "default behavior" because the new Group Policy Object Editor (GPE) setting "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options) reverses that behavior. If you enable this setting, then your subcategory configurations will override how the applied Group Policy sets the top-level policies.
Audit logs are beneficial to have for a number of reasons. To be effective, IT must understand the log requirements for each system, then document what will be logged for each system and get management's approval. This will reduce ambiguity over the details of logging and facilitate proper management.
https://www.ultimatewindowssecurity.com/securitylog/book/page.aspx?spid=chapter2
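The following is an added example, not part of the assignment or of the cited page, showing the two checks a practitioner would actually run for questions 3 and 5: parse the output of `auditpol /get /category:*` to find subcategories still at their default "No Auditing" (or missing Failure) relative to what an investigation needs, and apply the category-versus-subcategory precedence rule quoted above. The `auditpol` output is constructed for this example, and the `REQUIRED` baseline is an assumption derived from the answer to question 1, not a vendor baseline.

```python
import re

# Constructed sample of `auditpol /get /category:*` output on a machine left at
# defaults; the values are made up for this example.
SAMPLE_AUDITPOL = """\
System audit policy
Category/Subcategory                      Setting
System
  Security System Extension               No Auditing
  System Integrity                        Success and Failure
  Security State Change                   Success
Logon/Logoff
  Logon                                   Success
  Logoff                                  No Auditing
  Account Lockout                         Success
Object Access
  File System                             No Auditing
Policy Change
  Audit Policy Change                     Success
Account Management
  User Account Management                 Success
"""

# Assumed investigation baseline, derived from the information the answer to
# question 1 says an investigation needs (logon/logoff, failures and
# successes, files accessed, configuration changes). Not a vendor baseline.
REQUIRED = {
    "Logon": {"Success", "Failure"},
    "Logoff": {"Success"},
    "Account Lockout": {"Success"},
    "File System": {"Success", "Failure"},
    "Audit Policy Change": {"Success", "Failure"},
    "User Account Management": {"Success", "Failure"},
}

# The four values auditpol prints for a subcategory.
SETTINGS = {
    "No Auditing": set(),
    "Success": {"Success"},
    "Failure": {"Failure"},
    "Success and Failure": {"Success", "Failure"},
}


def parse_auditpol(text):
    """Map each subcategory name to the set of outcomes it audits."""
    policy = {}
    for line in text.splitlines():
        if not line.startswith("  "):        # header or category line, no setting
            continue
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) == 2 and parts[1] in SETTINGS:
            policy[parts[0]] = SETTINGS[parts[1]]
    return policy


def audit_gaps(policy, required=REQUIRED):
    """Subcategories whose configured outcomes fall short of the baseline."""
    gaps = {}
    for sub, needed in required.items():
        missing = needed - policy.get(sub, set())
        if missing:
            gaps[sub] = missing
    return gaps


def remediation(gaps):
    """auditpol commands that would enable the missing outcomes."""
    cmds = []
    for sub, missing in sorted(gaps.items()):
        flags = " ".join(f"/{m.lower()}:enable" for m in sorted(missing))
        cmds.append(f'auditpol /set /subcategory:"{sub}" {flags}')
    return cmds


def effective_setting(category_setting, subcategory_setting, force_subcategory):
    """Which setting wins under the precedence rule quoted in the answer above.

    A defined top-level category setting overrides the subcategory unless the
    "Audit: Force audit policy subcategory settings ... to override audit policy
    category settings" option is enabled. None means the category is undefined.
    """
    if category_setting is not None and not force_subcategory:
        return category_setting
    return subcategory_setting


if __name__ == "__main__":
    gaps = audit_gaps(parse_auditpol(SAMPLE_AUDITPOL))
    for sub, missing in sorted(gaps.items()):
        print(f"{sub}: missing {', '.join(sorted(missing))}")
    print("\n".join(remediation(gaps)))
    print(effective_setting("No Auditing", "Success and Failure", force_subcategory=False))
    print(effective_setting("No Auditing", "Success and Failure", force_subcategory=True))
```

On the constructed output the gap report shows that the default leaves file access entirely unaudited and every other required subcategory without Failure auditing, which is the "too little data" risk of question 3 in concrete form. The last two calls show why a subcategory setting can silently have no effect: with the top-level category defined and the force option off, the category's "No Auditing" wins.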
Intrusion Detection Systems have been around for several decades. One of the best around has been Snort, which is an open source IDS. Many years ago now, the Intrusion Prevention Systems (IPS) came out, prompting a Gartner analyst to proclaim that IDS is dead and there is no longer any reason to use IDS. He could not have been more wrong. There is a time and place for IPS and there is a time and place where IPS should not be used. It does not matter how well you are able to tune an IPS, it is still subject to false positives. When you have a false positive on an IPS, you block legitimate traffic. If you are in a critical industry like medical or financial and legitimate traffic gets blocked, it can be catastrophic. In these instances, you use IDS and not IPS. What does this mean to the security team?
As a security team, research needs to be done on whether IDS is truly dead. An Intrusion Detection System is a system that monitors the network to detect and report any illegal intrusions. It gathers and analyzes data from areas within a computer or a network to identify possible security breaches. It helps the organization protect its assets when its networks and systems are still exposed to known vulnerabilities or are unable to respond to a rapidly changing threat environment.
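As an added example (not part of the assignment, and not Snort's own code), the difference the prompt describes can be made measurable with a toy signature engine: the same simplified Snort-style rules are run over a small set of constructed packets once in detect mode and once in prevent mode, and the legitimate packets that a prevent-mode deployment would have dropped are counted. The rules, the traffic and the "legit" ground-truth labels are all constructed; the parser handles only the rule header and simple `key:"value"` options, not real Snort syntax.

```python
import re

# Constructed, simplified Snort-style rules. Real Snort rule syntax has many
# more options; this parser handles only the header and key:value options.
RULES = [
    'alert tcp any any -> any 80 (msg:"cmd.exe in HTTP payload"; content:"cmd.exe"; sid:1000001;)',
    'alert tcp any any -> any 445 (msg:"ADMIN$ share access"; content:"ADMIN$"; sid:1000002;)',
]

# Constructed traffic with hand-labelled ground truth so each mode's outcome can
# be measured. The help-desk article (1) and the backup job (3) are legitimate
# traffic that nevertheless contains the signature strings.
TRAFFIC = [
    {"id": 1, "proto": "tcp", "dport": 80, "payload": "GET /kb/how-to-open-cmd.exe-on-windows HTTP/1.1", "legit": True},
    {"id": 2, "proto": "tcp", "dport": 80, "payload": "GET /index.html HTTP/1.1", "legit": True},
    {"id": 3, "proto": "tcp", "dport": 445, "payload": "SMB tree connect \\\\FILESRV\\ADMIN$ (backup-agent)", "legit": True},
    {"id": 4, "proto": "tcp", "dport": 80, "payload": "GET /cgi-bin/cmd.exe HTTP/1.1", "legit": False},
]

HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+\S+\s+\S+\s+->\s+\S+\s+(?P<dport>\d+|any)\s+\((?P<opts>.*)\)\s*$"
)


def parse_rule(text):
    """Parse 'action proto src sport -> dst dport (options)' into a dict."""
    m = HEADER_RE.match(text)
    if not m:
        raise ValueError(f"unparsable rule: {text}")
    opts = {}
    for opt in m.group("opts").split(";"):
        opt = opt.strip()
        if not opt:
            continue
        key, _, val = opt.partition(":")
        opts[key.strip()] = val.strip().strip('"')
    return {
        "action": m.group("action"),
        "proto": m.group("proto"),
        "dport": None if m.group("dport") == "any" else int(m.group("dport")),
        "content": opts.get("content", ""),
        "msg": opts.get("msg", ""),
        "sid": int(opts.get("sid", 0)),
    }


def matches(rule, pkt):
    """Protocol, destination port and a plain substring match on the payload."""
    return (rule["proto"] == pkt["proto"]
            and rule["dport"] in (None, pkt["dport"])
            and rule["content"] in pkt["payload"])


def inspect(pkt, rules, mode):
    """Return (verdict, matched sids). IDS alerts and forwards; IPS drops on match."""
    sids = [r["sid"] for r in rules if matches(r, pkt)]
    if not sids:
        return "pass", sids
    return ("drop" if mode == "ips" else "alert"), sids


def run(traffic, rules, mode):
    """Verdict per packet id for the whole capture in the given mode."""
    return {pkt["id"]: inspect(pkt, rules, mode)[0] for pkt in traffic}


def blocked_legitimate(traffic, verdicts):
    """Ids of legitimate packets that were dropped: the cost of a false positive in IPS mode."""
    return [pkt["id"] for pkt in traffic if pkt["legit"] and verdicts[pkt["id"]] == "drop"]


if __name__ == "__main__":
    rules = [parse_rule(r) for r in RULES]
    for mode in ("ids", "ips"):
        verdicts = run(TRAFFIC, rules, mode)
        print(mode, verdicts, "legitimate traffic blocked:", blocked_legitimate(TRAFFIC, verdicts))
```

Both modes fire on the same packets, which is the point: the signatures are identical, so tuning does not change what matches. In detect mode the two false positives cost an analyst a few minutes of triage; in prevent mode they cost a user the help-desk page and the backup agent its share connection, which is the outage the prompt warns about in medical or financial environments.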