OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Tracking the Inside Intruder Using Net Logon Debug Logging in Microsoft Windows Server Operating Systems

Technical Report · DOI: https://doi.org/10.2172/821123 · OSTI ID: 821123

In today's well-connected environments of the Internet, intranets, and extranets, protecting the Microsoft Windows network can be a daunting task for the security engineer. Intrusion Detection Systems are a must-have for most companies, but few have either the financial resources or the people resources to implement and maintain full-scale intrusion detection systems for their networks and hosts. Many will at least invest in intrusion detection for their Internet presence, but others have not yet stepped up to the plate with regard to internal intrusion detection. Unfortunately, most attacks will come from within. Microsoft Windows server operating systems are widely used across both large and small enterprises. Unfortunately, there is no intrusion detection built into the Windows server operating system. The security logs are valuable but can be difficult to manage even in a small to medium-sized environment. So the question arises: can one effectively detect and identify an inside intruder using the native tools that come with Microsoft Windows Server operating systems? One such method is to use Net Logon Service debug logging to identify and track malicious user activity. This paper discusses how to use Net Logon debug logging to identify and track malicious user activity both in real time and for forensic analysis.

Research Organization: Savannah River Site (SRS), Aiken, SC (United States)
Sponsoring Organization: US Department of Energy (US)
DOE Contract Number: AC09-96SR18500
OSTI ID: 821123
Report Number(s): WSRC-TR-2004-00011; TRN: US200407%%298
Resource Relation: Other Information: PBD: 20 Jan 2004
Country of Publication: United States
Language: English