Question

The devices designed for the purpose of addressing security in the network generate a number of logs during the continuous monitoring of the network. Discuss in detail the different types of logs created and how the security professional can use this information for analysing security in the network.

Answer 1

Types of logs:

Application Log - event logged by an application like errors,update,crash.

System Log - event logged by Operating System like errors,update.

Security Log - event logged for concerning security like file deletion, invalid logins.

Directory Service log - event logged by domain controller for AD.

DNS Server log - event logged by DNS servers.

File replication service log - event logged by domain controller for domain controller replication.

Use of logs in analysing security in the network:

Majority of the hacks and data thefts takes place due to illegal authentication attempts. Inspecting failed login attempts could prevent data thefts. If User logon/logoff , computer logon/logoff/restart , Access to objects, files and folders , System time modification , Audit logs clearance are logged, auditing these logs will definitely help to trace back the hacker or intruder and to analyze security in the network.