Security Log Management - Jacob Babbin

Security Log Management (eBook)

Identifying Patterns in the Chaos

(Author)

eBook download: PDF
2006 | 1st edition
350 pages
Elsevier Science (publisher)
978-0-08-048970-4 (ISBN)
System requirements
41.08 incl. VAT
This book teaches IT professionals how to analyze, manage, and automate their security log files so that they produce useful, repeatable information that can be used to make their networks more efficient and secure, using primarily open source tools. The book begins with the Top 10 security logs that every IT professional should be analyzing regularly. These 10 logs cover everything from the top workstations sending and receiving data through the firewall to the top targets of IDS alerts. The book then discusses the relevance of this information. Next, it describes how to script open source reporting tools such as tcpdstat to correlate log files from the various network devices into the Top 10 list automatically, so that the IT professional is promptly made aware of critical security problems or serious degradation of network performance. All of the scripts presented in the book are available for download from the Syngress Solutions Web site.

Almost every operating system, firewall, router, switch, intrusion detection system, mail server, Web server, and database produces some type of log file. This is true of both open source tools and commercial software and hardware from every IT manufacturer. Each of these logs is reviewed and analyzed by a system administrator or security professional responsible for that particular piece of hardware or software. As a result, almost everyone involved in the IT industry works with log files in some capacity.

* Provides turn-key, inexpensive, open source solutions for system administrators to analyze and evaluate the overall performance and security of their network
* Dozens of working scripts and tools presented throughout the book are available for download from the Syngress Solutions Web site
* Saves system administrators countless hours by scripting and automating log analysis tasks, from the most common to the most complex
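The Top-10-style correlation the description above refers to, as an added example that is not code from the book or from the Syngress download site. It parses constructed netfilter (iptables LOG target) syslog lines and constructed Snort "fast" alert lines, ranks internal workstations by bytes sent and received through the firewall, ranks the hosts targeted by IDS alerts, and then joins the two lists so that a host which is both a top talker and a top alert target surfaces first. The interface name `eth1` as the LAN side, the addresses, the Snort SIDs and the rule messages are all assumptions made for the example; IPv4 addresses are assumed when stripping ports from alert endpoints.

```python
import re
from collections import Counter

# Constructed sample input (not real traffic): syslog lines from a Linux
# firewall using the netfilter LOG target. eth1 is assumed to be the LAN side.
FIREWALL_LOG = """\
Jan 11 12:00:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 LEN=1500 PROTO=TCP SPT=51234 DPT=443
Jan 11 12:00:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 LEN=1500 PROTO=TCP SPT=51234 DPT=443
Jan 11 12:00:03 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=198.51.100.4 LEN=60 PROTO=TCP SPT=40000 DPT=80
Jan 11 12:00:04 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.4 DST=10.0.0.7 LEN=1200 PROTO=TCP SPT=80 DPT=40000
Jan 11 12:00:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.9 DST=203.0.113.77 LEN=800 PROTO=UDP SPT=5353 DPT=53
Jan 11 12:00:06 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=198.51.100.4 LEN=900 PROTO=TCP SPT=40001 DPT=80
Jan 11 12:00:07 fw kernel: eth0: link is up (not a packet log line; must be skipped)
"""

# Constructed Snort "fast" alert lines; the SIDs and rule messages are made up.
SNORT_FAST_LOG = """\
01/11-12:00:08.000000  [**] [1:1000001:1] LOCAL SSH brute force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.4:44444 -> 10.0.0.7:22
01/11-12:00:09.000000  [**] [1:1000001:1] LOCAL SSH brute force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.4:44445 -> 10.0.0.7:22
01/11-12:00:10.000000  [**] [1:1000002:1] LOCAL ICMP sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.77 -> 10.0.0.9
01/11-12:00:11.000000  [**] [1:1000003:1] LOCAL SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.10:3333 -> 10.0.0.5:80
"""

FW_RE = re.compile(r"IN=(?P<in>\S*) OUT=(?P<out>\S*) SRC=(?P<src>\S+) DST=(?P<dst>\S+) LEN=(?P<len>\d+)")
SNORT_RE = re.compile(
    r"\[(?P<sid>\d+:\d+:\d+)\] (?P<msg>.*?) \[\*\*\].*?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)$"
)


def strip_port(endpoint):
    # Fast alerts write "ip:port" for TCP/UDP and a bare "ip" for ICMP (IPv4 assumed).
    host, sep, _port = endpoint.rpartition(":")
    return host if sep else endpoint


def parse_firewall(text):
    """One dict per packet log line; lines without the IN/OUT/SRC/DST/LEN fields are skipped."""
    records = []
    for line in text.splitlines():
        m = FW_RE.search(line)
        if m:
            d = m.groupdict()
            d["len"] = int(d["len"])
            records.append(d)
    return records


def parse_snort(text):
    """One dict per fast-alert line, with ports stripped so hosts can be joined with firewall data."""
    alerts = []
    for line in text.splitlines():
        m = SNORT_RE.search(line)
        if m:
            d = m.groupdict()
            d["src"], d["dst"], d["prio"] = strip_port(d["src"]), strip_port(d["dst"]), int(d["prio"])
            alerts.append(d)
    return alerts


def top_workstations(records, lan_if="eth1", n=3):
    """(host, bytes sent, bytes received) for internal hosts, ranked by total bytes.
    A packet that entered on lan_if was sent by an internal host; one that left on lan_if was received."""
    sent, received = Counter(), Counter()
    for r in records:
        if r["in"] == lan_if:
            sent[r["src"]] += r["len"]
        if r["out"] == lan_if:
            received[r["dst"]] += r["len"]
    totals = sent + received
    return [(ip, sent[ip], received[ip]) for ip, _ in totals.most_common(n)]


def top_ids_targets(alerts, n=3):
    """(host, alert count, most severe priority seen) for alert destinations; Snort priority 1 is the most severe."""
    counts = Counter(a["dst"] for a in alerts)
    worst = {}
    for a in alerts:
        worst[a["dst"]] = min(worst.get(a["dst"], a["prio"]), a["prio"])
    return [(ip, c, worst[ip]) for ip, c in counts.most_common(n)]


def correlate(records, alerts, lan_if="eth1", n=3):
    """Join the two Top-N lists on host; hosts on both lists come back most urgent first."""
    talkers = {ip: (s, r) for ip, s, r in top_workstations(records, lan_if, n)}
    targets = {ip: (c, p) for ip, c, p in top_ids_targets(alerts, n)}
    findings = [
        {"host": ip, "sent": talkers[ip][0], "received": talkers[ip][1],
         "alerts": targets[ip][0], "worst_priority": targets[ip][1]}
        for ip in talkers.keys() & targets.keys()
    ]
    findings.sort(key=lambda f: (f["worst_priority"], -f["alerts"], f["host"]))
    return findings


if __name__ == "__main__":
    fw, ids = parse_firewall(FIREWALL_LOG), parse_snort(SNORT_FAST_LOG)
    print("Top workstations through the firewall (host, bytes sent, bytes received):")
    for row in top_workstations(fw):
        print("  ", row)
    print("Top IDS alert targets (host, alerts, worst priority):")
    for row in top_ids_targets(ids):
        print("  ", row)
    print("Hosts on both lists, most urgent first:")
    for finding in correlate(fw, ids):
        print("  ", finding)
```

Byte counts from the LOG target are per packet, so on a real firewall the report should read from logs that capture every packet of interest (or from flow records such as Argus produces), not from a rule that logs only the first packet of a connection; otherwise the "top talker" ranking reflects connection counts rather than volume.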

Cover 1
Contents 11
Foreword 17
Chapter 1 Log Analysis: Overall Issues 19
IT Budgets and Results: Leveraging OSS Solutions at Little Cost 20
Reporting Security Information to Management 23
Combining Resources for an “Eye-in-the-Sky” View 27
Blended Threats and Reporting 30
Conclusion 34
Code Solutions 34
Commercial Solutions: ArcSight and Netforensics 48
Chapter 2 IDS Reporting 55
Session/Flow Logging with Snort 57
Session/Flow Logging with Argus 62
Can You Determine When a DDoS/DoS Attack Is Occurring? 71
Using Snort for Bandwidth Monitoring 75
Using Bro to Log and Capture Application-Level Protocols 83
Tracking Users’ Web Activities with Bro 92
Using Bro to Gather DNS and Web Traffic Data 97
Using Bro for Blackholing Traffic to Malware-Infested Domains 108
Using Bro to Identify Top E-Mail Senders/Receivers 119
Chapter 3 Firewall Reporting 131
Firewall Reporting: A Reflection of the Effectiveness of Security Policies 132
The Supporting Infrastructure for Firewall Log Management 134
Chapter 4 Systems and Network Device Reporting 161
Web Server Logs 165
Recon and Attack Information 166
Correlating Data with the Host System 170
Chapter 5 Creating a Reporting Infrastructure 183
Creating IDS Reports from Snort Logs—Example Report Queries 184
Creating IDS Reports from Bro Logs—Application Log Information 196
Chapter 6 Scalable Enterprise Solutions (ESM Deployments) 211
What Is ESM? 214
When Deploying ESM Makes Sense 223
Which Security Reporting Tools to Aggregate into ESM 234
Special Considerations for Using ESM 245
Using ESM Reporting for Maximum Performance 238
Lessons Learned Implementing ESM 248
Chapter 7 Managing Log Files with Microsoft Log Parser 261
Log File Conversion 262
Log Rotation and Archival 277
Separating Logs 289
Chapter 8 Investigating Intrusions with Microsoft Log Parser 299
Locating Intrusions 300
Monitoring IIS 305
Chapter 9 Managing Snort Alerts with Microsoft Log Parser 323
Building Snort IDS Reports 324

Publication date (per publisher): 27 Jan 2006
Language: English
Subject area: Non-fiction / guides
Computer science > Networks > Security / Firewall
Computer science > Theory / Study > Cryptology
Business > Business administration / Management > Corporate management / Management
ISBN-10 0-08-048970-2 / 0080489702
ISBN-13 978-0-08-048970-4 / 9780080489704
PDF (Adobe DRM)

Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook against misuse. The eBook is authorized to your personal Adobe ID at download time, and you can then read it only on devices that are also registered to that Adobe ID.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables and figures. A PDF can be displayed on almost any device, but is only of limited use on small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need an Adobe ID and the free Adobe Digital Editions software. We advise against using the OverDrive Media Console; experience shows that it frequently runs into problems with Adobe DRM.
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need an Adobe ID and a free app.

Buying eBooks from abroad
For tax law reasons we can sell eBooks only within Germany and Switzerland. Regrettably we cannot fulfill eBook orders from other countries.
