The devices designed for the purpose of addressing security in the network generate a number of logs during the continuous monitoring of the network. Discuss in detail the different types of logs created and how the security professional can use this information for analysing security in the network.
Different types of logs created and used in analysing security in the network (these are the event logs kept by Windows servers and read with Event Viewer):
Application Log:
events written by applications installed on the machine, for example an application error or crash, a failed update, or a failed connection to a database
System Log:
events written by operating system components, for example a driver or service that failed to start, an unexpected shutdown or restart, or a disk error
Security Log:
audit events generated when an audit policy is enabled: successful and failed logon attempts, account lockouts, access to audited objects (opening, editing or deleting a file or folder), use of privileges, changes to the system time, and clearing of the audit log itself
Directory Service log:
events written by Active Directory Domain Services on domain controllers, for example replication problems between domain controllers or directory database errors
DNS Server log:
events written by the DNS Server service on the servers that run it, for example the service starting or stopping, a zone that failed to load, or a failed zone transfer. It does not record which pages users visited; individual client queries are only recorded if DNS debug or analytic logging is switched on separately
File replication service log:
events written by the File Replication Service, which replicates the SYSVOL share (logon scripts and Group Policy templates) between domain controllers, for example replication failures or a member that is out of date
Here is how the security professional uses log information for analysing security in the network:
Unauthorised authentication attempts are the most common precursor to an intrusion. When failed logons are audited, each failure is recorded with the account name that was tried, the source workstation or IP address, the logon type (interactive, network, remote desktop and so on), the time, and a failure reason such as "bad password" or "unknown user name". The password itself is never written to the log. By correlating these fields the security professional can tell a user who mistyped a password once apart from an attacker: many failures against one account from one source in a short time indicates password guessing (brute force), one or two failures against many different accounts from the same source indicates password spraying, and a burst of failures followed by a successful logon from the same source indicates that the password was guessed and the account should be treated as compromised.
User logon/logoff, computer logon/logoff/restart, access to objects, files and folders, system time modification and audit log clearance are some of the most useful events for securing the network against hackers and intruders. Logon and logoff events show who was active on which machine and when; object access events show what was read, changed or deleted; a system time change or a cleared audit log is a strong sign that someone is trying to hide their tracks, because both break the timeline that every other log depends on. These events are only useful if they are collected centrally and retained, since an attacker with administrative rights on a machine can clear its local log.
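The detection reasoning above, written out as code. This is an added example, not part of the original answer: it runs over a constructed list of events that mimic a flattened subset of Windows Security log fields (Event ID 4624 = logon success, 4625 = logon failure, 4616 = system time changed, 1102 = audit log cleared; sub-status 0xC000006A = wrong password, 0xC0000064 = unknown user name). The field names (id, time, user, ip, substatus), the thresholds and the time windows are assumptions chosen for the example; a real deployment would read the same fields out of exported or forwarded event records and tune the thresholds to its environment.

```python
"""Hunt for suspicious logon patterns in Windows Security-log style events.

The SAMPLE_EVENTS below are constructed for this example. They use a
flattened subset of the fields a real Security log record carries
(EventID, TimeCreated, TargetUserName, IpAddress, SubStatus).
Event IDs: 4624 logon success, 4625 logon failure,
           4616 system time changed, 1102 audit log cleared.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_EVENTS = [
    # Brute force: one source, one account, repeated wrong passwords, then success
    {"id": 4625, "time": "2024-03-01T09:00:01", "user": "jsmith", "ip": "10.0.0.45", "substatus": "0xC000006A"},
    {"id": 4625, "time": "2024-03-01T09:00:04", "user": "jsmith", "ip": "10.0.0.45", "substatus": "0xC000006A"},
    {"id": 4625, "time": "2024-03-01T09:00:07", "user": "jsmith", "ip": "10.0.0.45", "substatus": "0xC000006A"},
    {"id": 4625, "time": "2024-03-01T09:00:10", "user": "jsmith", "ip": "10.0.0.45", "substatus": "0xC000006A"},
    {"id": 4625, "time": "2024-03-01T09:00:13", "user": "jsmith", "ip": "10.0.0.45", "substatus": "0xC000006A"},
    {"id": 4624, "time": "2024-03-01T09:00:20", "user": "jsmith", "ip": "10.0.0.45", "substatus": None},
    # Password spray: one source, one guess each against many different accounts
    {"id": 4625, "time": "2024-03-01T10:15:00", "user": "alice", "ip": "203.0.113.9", "substatus": "0xC000006A"},
    {"id": 4625, "time": "2024-03-01T10:15:02", "user": "bob", "ip": "203.0.113.9", "substatus": "0xC000006A"},
    {"id": 4625, "time": "2024-03-01T10:15:04", "user": "carol", "ip": "203.0.113.9", "substatus": "0xC000006A"},
    {"id": 4625, "time": "2024-03-01T10:15:06", "user": "svc_backup", "ip": "203.0.113.9", "substatus": "0xC0000064"},
    # Ordinary user who mistyped once: must not raise an alert
    {"id": 4625, "time": "2024-03-01T11:00:00", "user": "dave", "ip": "10.0.0.77", "substatus": "0xC000006A"},
    {"id": 4624, "time": "2024-03-01T11:00:30", "user": "dave", "ip": "10.0.0.77", "substatus": None},
    # Anti-forensics indicators shortly after the brute-forced logon
    {"id": 4616, "time": "2024-03-01T09:01:00", "user": "jsmith", "ip": None, "substatus": None},
    {"id": 1102, "time": "2024-03-01T09:02:00", "user": "jsmith", "ip": None, "substatus": None},
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """(ip, user) pairs with >= threshold failures inside a sliding time window."""
    failures = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            failures[(e["ip"], e["user"])].append(_ts(e))
    hits = set()
    for key, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.add(key)
                break
    return hits


def detect_password_spray(events, min_accounts=3, window=timedelta(minutes=10)):
    """Source IPs that failed against >= min_accounts distinct users inside a window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            by_ip[e["ip"]].append((_ts(e), e["user"]))
    hits = set()
    for ip, attempts in by_ip.items():
        attempts.sort()
        for i, (t0, _) in enumerate(attempts):
            users = {u for t, u in attempts[i:] if t - t0 <= window}
            if len(users) >= min_accounts:
                hits.add(ip)
                break
    return hits


def detect_success_after_failures(events, min_failures=3, window=timedelta(minutes=10)):
    """(ip, user) where a 4624 follows >= min_failures recent 4625s: password likely guessed."""
    recent_failures = defaultdict(list)
    hits = set()
    for e in sorted(events, key=_ts):
        key = (e["ip"], e["user"])
        if e["id"] == 4625:
            recent_failures[key].append(_ts(e))
        elif e["id"] == 4624:
            recent = [t for t in recent_failures[key] if _ts(e) - t <= window]
            if len(recent) >= min_failures:
                hits.add(key)
    return hits


def detect_audit_tampering(events):
    """Events that suggest track covering: audit log cleared (1102) or system time changed (4616)."""
    return [e for e in sorted(events, key=_ts) if e["id"] in (1102, 4616)]


if __name__ == "__main__":
    print("brute force      :", detect_brute_force(SAMPLE_EVENTS))
    print("password spray   :", detect_password_spray(SAMPLE_EVENTS))
    print("guessed password :", detect_success_after_failures(SAMPLE_EVENTS))
    print("audit tampering  :", [(e["id"], e["time"]) for e in detect_audit_tampering(SAMPLE_EVENTS)])
```

Note the three checks deliberately key on different things: brute force on one (source, account) pair, spraying on the number of distinct accounts per source, and the success-after-failures rule on the order of events in time. Keying a spray check on failures per account, as a simple lockout counter does, is exactly what a spraying attacker relies on to stay under the threshold.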