The Security Log, in Microsoft Windows, is a log that contains records of login/logout activity or other security-related events specified by the system's audit policy. Auditing allows administrators to configure Windows to record operating system activity in the Security Log. The Security Log is one of three logs viewable under Event Viewer. The Local Security Authority Subsystem Service writes events to the log. The Security Log is one of the primary tools used by administrators to detect and investigate attempted and successful unauthorized activity and to troubleshoot problems; Microsoft describes it as "Your Best and Last Defense".〔(The NT Security Log - Your Best and Last Defense), Randy Franklin Smith〕 The log and the audit policies that govern it are also favorite targets of hackers and rogue system administrators seeking to cover their tracks before and after committing unauthorized activity.〔(Protecting the NT Security Log), Randy Franklin Smith, Windows IT Pro, July 2000.〕

==Types of data logged==

If the audit policy is set to record logins, a successful login results in the user's user name and computer name being logged as well as the user name they are logging into.〔(Tracking Logon and Logoff Activity in Windows 2000), Microsoft.〕 Depending on the version of Windows and the method of login, the IP address may or may not be recorded. Windows 2000 Web Server, for instance, does not log IP addresses for successful logins, but Windows Server 2003 includes this capability.〔(Capturing IP Addresses for Web Server Logon Events), Randy Franklin Smith, ''Windows IT Pro'', October 2003.〕

The categories of events that can be logged are:〔(Auditing Policy), Microsoft.〕

*Account logon events
*Account management
*Directory service access
*Logon events
*Object access
*Policy change
*Privilege use
*Process tracking
*System events

The sheer number of loggable events means that security log analysis can be a time-consuming task.〔("Five Mistakes of Security Log Analysis"), Anton Chuvakin, Ph.D., GCIA, GCIH.〕 Third-party utilities have been developed to help identify suspicious trends. It is also possible to filter the log using customized criteria. Logging is dangerous.

Excerpt source: Wikipedia, the free encyclopedia.
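The logon fields and the optional IP address described above can be pulled out of exported Security Log events and filtered with a custom criterion. The following is an added example, not part of the original article. It assumes the event schema of Windows Vista/Server 2008 and later (event ID 4624 for a successful logon, and the field names SubjectUserName, TargetUserName, WorkstationName and IpAddress), none of which appear in the article. The function name `Get-LogonSummary` is hypothetical and the sample XML is constructed.

```powershell
# Constructed sample, shaped like the output of:
#   wevtutil qe Security /q:"*[System[(EventID=4624)]]" /f:xml /e:Events
$sample = @'
<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="2024-01-15T08:02:11Z"/><Computer>SRV01.example.test</Computer></System>
  <EventData><Data Name="SubjectUserName">SRV01$</Data><Data Name="TargetUserName">alice</Data>
    <Data Name="WorkstationName">WKS-ALICE</Data><Data Name="IpAddress">192.0.2.10</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="2024-01-15T08:05:40Z"/><Computer>SRV01.example.test</Computer></System>
  <EventData><Data Name="SubjectUserName">SRV01$</Data><Data Name="TargetUserName">bob</Data>
    <Data Name="WorkstationName">SRV01</Data><Data Name="IpAddress">-</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4634</EventID><TimeCreated SystemTime="2024-01-15T08:09:02Z"/><Computer>SRV01.example.test</Computer></System>
  <EventData><Data Name="TargetUserName">alice</Data></EventData>
</Event>
</Events>
'@

function Get-LogonSummary {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][xml]$EventsXml,
        [int[]]$EventId = @(4624)   # assumption: 4624 = successful logon (Vista/2008+)
    )
    foreach ($ev in $EventsXml.Events.Event) {
        # Skip events outside the requested IDs (the 4634 logoff in the sample)
        if ($EventId -notcontains [int]$ev.System['EventID'].InnerText) { continue }
        # Flatten <Data Name="...">value</Data> pairs into a lookup table
        $d = @{}
        foreach ($n in $ev.EventData.Data) { $d[$n.Name] = $n.'#text' }
        $ip = $d['IpAddress']
        [pscustomobject]@{
            Time        = $ev.System.TimeCreated.SystemTime
            Computer    = $ev.System.Computer
            Requester   = $d['SubjectUserName']
            LoggedOnAs  = $d['TargetUserName']
            Workstation = $d['WorkstationName']
            # The address may be absent or "-" depending on Windows version and logon method
            SourceIp    = if ($ip -and $ip -ne '-') { $ip } else { $null }
        }
    }
}

Get-LogonSummary -EventsXml $sample | Format-Table -AutoSize
# Custom criterion: successful logons recorded without a source address
Get-LogonSummary -EventsXml $sample | Where-Object { -not $_.SourceIp }
```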