Question

The devices designed for the purpose of addressing security in the network generate a number of logs during the continuous monitoring of the network. Discuss in detail the different types of logs created and how the security professional can use this information for analysing security in the network.

Answer 1

There are different types of logs are available

1. Application log: It is a file that contains information about events that have occurred within a software application. It includes errors, warnings, and updates.
2. Security log: It mainly concerns about security-related events like file deletions, login, or logout activity.
3. DNS Server log: These events are logged by the DNS server.
4. System log: It contains records of operating system events like detecting an error, updating the operating system components.
5. File replication service log: In this type of logs event are logged by the domain controller for the domain controller application
6. Directory service log: The event logged by domain controller for Active Directory.

Use of logs by a security professional to analyze security in the network

It is used to deal with internal security and help them to resolve issues, data theft, Access to files and folders, System time adjustment, brut force login attempts by an unauthorized user, reviewing these logs will assist in traceback the hacker and troubleshoot the problem in our network.