Security Log Management (eBook)
350 pages
Elsevier Science (publisher)
978-0-08-048970-4 (ISBN)
Almost every operating system, firewall, router, switch, intrusion detection system, mail server, Web server, and database produces some type of log file. This is true of both open source tools and commercial software and hardware from every IT manufacturer. Each of these logs is reviewed and analyzed by a system administrator or security professional responsible for that particular piece of hardware or software. As a result, almost everyone involved in the IT industry works with log files in some capacity.
* Provides turn-key, inexpensive, open source solutions for system administrators to analyze and evaluate the overall performance and security of their network
* Dozens of working scripts and tools presented throughout the book are available for download from Syngress Solutions Web site.
* Will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks
This book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be used to make their networks more efficient and secure, using primarily open source tools. The book begins by discussing the "Top 10" security logs that every IT professional should be regularly analyzing. These 10 logs cover everything from the top workstations sending/receiving data through a firewall to the top targets of IDS alerts. The book then goes on to discuss the relevance of all of this information. Next, the book describes how to script open source reporting tools like Tcpdstats to automatically correlate log files from the various network devices to the "Top 10" list. By doing so, the IT professional is instantly made aware of any critical vulnerabilities or serious degradation of network performance. All of the scripts presented within the book will be available for download from the Syngress Solutions Web site.
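The "Top 10" reports the blurb describes (top hosts through the firewall, top IDS alert targets) and the correlation between them are a few dozen lines of scripting. The Python below is an added example, not code from the book or from the Syngress download site. It parses constructed iptables/netfilter syslog lines (assuming the rules were logged with hypothetical `--log-prefix "FW-DROP "` / `"FW-ACCEPT "` prefixes) and constructed Snort "fast"-format alert lines, builds top-N counters for each, and then flags source hosts that appear both in the firewall drop list and in the IDS alert sources. All log lines, signature IDs and messages are made up for the example; a malformed line is included to show that unparseable records are skipped rather than aborting the report.

```python
"""Top-N reports from firewall and IDS logs, with a simple cross-correlation.

Added example, not code from the book. Every log line below is constructed.
"""
import re
from collections import Counter

# Constructed iptables/netfilter syslog lines. Assumes the rules were logged
# with the hypothetical prefixes --log-prefix "FW-DROP " / "FW-ACCEPT ".
FIREWALL_LOG = """\
Jan 15 10:22:33 fw kernel: FW-DROP IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=54321 DPT=22 SYN
Jan 15 10:22:34 fw kernel: FW-DROP IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=54322 DPT=23 SYN
Jan 15 10:22:35 fw kernel: FW-ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.7 LEN=52 PROTO=TCP SPT=44100 DPT=443
Jan 15 10:22:36 fw kernel: FW-DROP IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.11 LEN=60 PROTO=TCP SPT=54323 DPT=445 SYN
Jan 15 10:22:37 fw kernel: FW-ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.21 DST=203.0.113.9 LEN=52 PROTO=UDP SPT=5353 DPT=53
Jan 15 10:22:38 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=40000 DPT=3389 SYN
Jan 15 10:22:39 fw kernel: malformed line without fields
"""

# Constructed Snort "fast" alert lines; SIDs are in the local (1000000+) range.
SNORT_ALERTS = """\
01/15-10:22:33.000001  [**] [1:1000001:1] LOCAL SSH scan (constructed) [**] [Priority: 2] {TCP} 10.0.0.5:54321 -> 192.168.1.10:22
01/15-10:22:34.000002  [**] [1:1000002:1] LOCAL telnet probe (constructed) [**] [Priority: 2] {TCP} 10.0.0.5:54322 -> 192.168.1.10:23
01/15-10:22:36.000003  [**] [1:1000003:1] LOCAL SMB probe (constructed) [**] [Priority: 2] {TCP} 10.0.0.5:54323 -> 192.168.1.11:445
01/15-10:22:38.000004  [**] [1:1000004:1] LOCAL RDP probe (constructed) [**] [Priority: 1] {TCP} 198.51.100.4:40000 -> 192.168.1.10:3389
"""

# iptables key=value fields we report on; all other fields are ignored.
FW_FIELD = re.compile(r"\b(SRC|DST|DPT|PROTO)=(\S*)")
# The log prefix follows "kernel:" (optionally after a [uptime] stamp).
FW_ACTION = re.compile(r"kernel: (?:\[[^\]]*\] )?(FW-[A-Z]+)")
# Snort fast format: [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
SNORT_FAST = re.compile(
    r"\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\].*?\{(\w+)\} "
    r"(\S+?)(?::(\d+))? -> (\S+?)(?::(\d+))?\s*$"
)


def parse_firewall(text):
    """Yield one dict per parseable firewall line; lines without a prefix or SRC/DST are skipped."""
    for line in text.splitlines():
        action = FW_ACTION.search(line)
        fields = dict(FW_FIELD.findall(line))
        if not action or "SRC" not in fields or "DST" not in fields:
            continue  # malformed or unrelated kernel message
        yield {"action": action.group(1), "src": fields["SRC"], "dst": fields["DST"],
               "proto": fields.get("PROTO", ""), "dport": fields.get("DPT", "")}


def parse_snort_fast(text):
    """Yield one dict per Snort fast-format alert line; anything else is skipped."""
    for line in text.splitlines():
        m = SNORT_FAST.search(line)
        if not m:
            continue
        yield {"sid": m.group(2), "msg": m.group(4), "proto": m.group(5),
               "src": m.group(6), "dst": m.group(8)}


def top_n(records, key, n=10, where=None):
    """Return [(value, count), ...] for the n most frequent values of `key`, optionally filtered."""
    counts = Counter(r[key] for r in records if where is None or where(r))
    return counts.most_common(n)


def build_report(fw_text, ids_text, n=10):
    """Build the 'Top N' tables and the firewall/IDS correlation from raw log text."""
    fw = list(parse_firewall(fw_text))
    ids = list(parse_snort_fast(ids_text))
    report = {
        "fw_top_dropped_sources": top_n(fw, "src", n, lambda r: r["action"] == "FW-DROP"),
        "fw_top_accepted_sources": top_n(fw, "src", n, lambda r: r["action"] == "FW-ACCEPT"),
        "fw_top_dropped_ports": top_n(fw, "dport", n, lambda r: r["action"] == "FW-DROP"),
        "ids_top_targets": top_n(ids, "dst", n),
        "ids_top_sources": top_n(ids, "src", n),
        "ids_top_signatures": top_n(ids, "msg", n),
    }
    # Correlation: hosts the firewall already dropped AND the IDS alerted on are
    # the ones to look at first (a scanner the perimeter only partly stopped).
    in_fw = {src for src, _ in report["fw_top_dropped_sources"]}
    in_ids = {src for src, _ in report["ids_top_sources"]}
    report["sources_in_both"] = sorted(in_fw & in_ids)
    return report


if __name__ == "__main__":
    for name, rows in build_report(FIREWALL_LOG, SNORT_ALERTS).items():
        print(name)
        for row in (rows if isinstance(rows, list) else [rows]):
            print("   ", row)
```

To run it against real files, replace the two embedded strings with the contents of `/var/log/kern.log` (or wherever your firewall syslog lands) and Snort's `alert` file, and adjust `FW_ACTION` to whatever `--log-prefix` your rules actually use; the IDS parser only understands the fast alert format, not the full or unified2 outputs. `Counter.most_common` breaks ties by first occurrence, so two hosts with equal counts are listed in the order they were first seen.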
Cover 1
Contents 11
Foreword 17
Chapter 1 Log Analysis: Overall Issues 19
IT Budgets and Results: Leveraging OSS Solutions at Little Cost 20
Reporting Security Information to Management 23
Combining Resources for an “Eye-in-the-Sky” View 27
Blended Threats and Reporting 30
Conclusion 34
Code Solutions 34
Commercial Solutions: ArcSight and Netforensics 48
Chapter 2 IDS Reporting 55
Session/Flow Logging with Snort 57
Session/Flow Logging with Argus 62
Can You Determine When a DDoS/DoS Attack Is Occurring? 71
Using Snort for Bandwidth Monitoring 75
Using Bro to Log and Capture Application-Level Protocols 83
Tracking Users’ Web Activities with Bro 92
Using Bro to Gather DNS and Web Traffic Data 97
Using Bro for Blackholing Traffic to Malware-Infested Domains 108
Using Bro to Identify Top E-Mail Senders/Receivers 119
Chapter 3 Firewall Reporting 131
Firewall Reporting: A Reflection of the Effectiveness of Security Policies 132
The Supporting Infrastructure for Firewall Log Management 134
Chapter 4 Systems and Network Device Reporting 161
Web Server Logs 165
Recon and Attack Information 166
Correlating Data with the Host System 170
Chapter 5 Creating a Reporting Infrastructure 183
Creating IDS Reports from Snort Logs—Example Report Queries 184
Creating IDS Reports from Bro Logs—Application Log Information 196
Chapter 6 Scalable Enterprise Solutions (ESM Deployments) 211
What Is ESM? 214
When Deploying ESM Makes Sense 223
Which Security Reporting Tools to Aggregate into ESM 234
Special Considerations for Using ESM 245
Using ESM Reporting for Maximum Performance 238
Lessons Learned Implementing ESM 248
Chapter 7 Managing Log Files with Microsoft Log Parser 261
Log File Conversion 262
Log Rotation and Archival 277
Separating Logs 289
Chapter 8 Investigating Intrusions with Microsoft Log Parser 299
Locating Intrusions 300
Monitoring IIS 305
Chapter 9 Managing Snort Alerts with Microsoft Log Parser 323
Building Snort IDS Reports 324
Published (per publisher) | 27.1.2006
---|---
Language | English
Subject area | Non-fiction / guide
 | Computer science ► Networks ► Security / Firewall
 | Computer science ► Theory / Study ► Cryptology
 | Business ► Business administration / Management ► Corporate management
ISBN-10 | 0-08-048970-2 / 0080489702
ISBN-13 | 978-0-08-048970-4 / 9780080489704
Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook against misuse. The eBook is authorized to your personal Adobe ID at download time, and it can then be read only on devices that are also registered to that Adobe ID.
File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables and figures. A PDF can be displayed on almost any device, but is only of limited use on small displays (smartphone, eReader).
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a
eReader: This eBook can be read on (almost) all eBook readers. It is not, however, compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a
Buying eBooks from abroad
For tax-law reasons we can sell eBooks only within Germany and Switzerland. Regrettably we cannot fulfil eBook orders from other countries.