Winzapper : Wikipedia (English edition)
Winzapper is a freeware utility / hacking tool used to delete events from the Microsoft Windows NT 4.0 and Windows 2000 Security Log. It was developed by Arne Vidstrom as a proof-of-concept tool, demonstrating that once the Administrator account has been compromised, event logs are no longer reliable. [Winzapper FAQ, NTSecurity] According to ''Hacking Exposed: Windows Server 2003'', Winzapper works with Windows NT/2000/2003.
Prior to Winzapper's creation, administrators already had the ability to clear the Security Log either through the Event Viewer or through third-party tools such as Clearlogs. [Hacktool.Clearlogs] However, Windows lacked any built-in method of selectively deleting events from the Security Log. An unexpected clearing of the log would likely be a red flag to system administrators that an intrusion had occurred. Winzapper would allow a hacker to hide the intrusion by deleting only those log events relevant to the attack. Winzapper, as publicly released, lacked the ability to be run remotely without the use of a tool such as Terminal Services. However, according to Arne Vidstrom, it could easily be modified for remote operation.
There is also an unrelated trojan horse by the same name. [Winzapper Trojan]
==Countermeasures==
Winzapper creates a backup security log, "dummy.dat," at %systemroot%\system32\config. This file may be undeleted after an attack to recover the original log. [Forensic Footprint of Winzapper] Conceivably, however, a savvy user might copy a sufficiently large file over the dummy.dat file and thus irretrievably overwrite it. Winzapper causes the Event Viewer to become unusable until after a reboot, so an unexpected reboot may be a clue that Winzapper has recently been used. Another potential clue to a Winzapper-based attempt would be corruption of the Security Log (requiring it to be cleared), since there is always a small risk that Winzapper will do this.
According to WindowsNetworking.com, "One way to prevent rogue admins from using this tool on your servers is to implement a Software Restriction Policy using Group Policy that prevents the WinZapper executable from running". [Gaps in Security Log]
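The dummy.dat footprint described above can be searched for in a file listing taken from a disk image. The following is an added example, not part of the original article: it assumes the listing was produced with The Sleuth Kit's `fls -r -p`, and the sample lines and the function name are constructed for illustration.

```python
import re

# One line of `fls -r -p` output (assumed input format):
#   <name type>/<meta type> [*] <address>[(realloc)]:<TAB><path>
# "*" marks a deleted directory entry; "(realloc)" means the metadata
# entry has since been reused by another file.
FLS_LINE = re.compile(
    r"^(?P<types>\S+/\S+)\s+(?P<deleted>\*\s+)?"
    r"(?P<addr>[\d-]+)(?P<realloc>\(realloc\))?:\t(?P<path>.+)$"
)
# Backup location named in the article, relative to the system root.
BACKUP_SUFFIX = "/system32/config/dummy.dat"

# Constructed sample listing (not taken from a real system).
SAMPLE = (
    "r/r 3401-128-3:\tWINNT/system32/config/SecEvent.Evt\n"
    "r/r * 9120-128-1:\tWINNT/system32/config/dummy.dat\n"
    "r/r * 9544-128-1(realloc):\tWINNT/System32/Config/DUMMY.DAT\n"
    "r/r * 7718-128-1:\tDocuments and Settings/user/dummy.dat\n"
)


def find_winzapper_backup(fls_output):
    """Return one finding per dummy.dat entry under system32/config."""
    findings = []
    for line in fls_output.splitlines():
        m = FLS_LINE.match(line)
        if not m:
            continue  # blank or unparseable line
        path = m.group("path").replace("\\", "/")
        # Windows paths are case-insensitive, so compare in lower case.
        if not path.lower().endswith(BACKUP_SUFFIX):
            continue
        deleted = m.group("deleted") is not None
        findings.append({
            "path": path,
            "address": m.group("addr"),
            "deleted": deleted,
            # A deleted entry whose metadata was not reused is the best
            # candidate for undeleting the original Security Log.
            "recoverable": deleted and m.group("realloc") is None,
        })
    return findings


if __name__ == "__main__":
    for finding in find_winzapper_backup(SAMPLE):
        print(finding)
```

A hit marked recoverable is only a candidate: as noted above, the file's content may already have been overwritten.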

Excerpt source: Wikipedia, the free encyclopedia
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.