Difference between revisions of "Log review and management"
Revision by Anthonylai (section: Log Review Tips)
Revision as of 09:39, 17 March 2007
Overview
Purpose:
- Communicate potential risks to stakeholder.
- Communicate rationale for security-relevant decisions to stakeholder.
Role:
- who typically does this
Frequency:
Log Review Tips
Critical systems require at least daily log review. Which log entries and activities deserve attention?
1. Consecutive login failures, especially outside office hours. A run of failures followed by a successful login for the same account from the same source is the classic sign of a guessed password.
2. Logins outside office hours.
3. Authority changes, additions and removals (new accounts, group membership, privilege grants). Check each one against the corresponding authorization request.
4. Any system administrator activity.
5. Any unknown workstation or server plugged into the network.
6. Log removal, overwritten logs, or a log file that has reached its size limit. This check is only reliable if logs are also forwarded to a separate log server that the local administrator cannot alter.
7. Pay more attention to the log reports covering weekends and holidays, when fewer people are watching.
8. Any account unlocked or password reset by a system administrator without an authorization form.
Items 1, 2 and 7 depend on the clocks of the systems producing the logs being synchronized; otherwise "outside office hours" means nothing.
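The following is an added example, not code from the OWASP page or project, showing how items 1 to 4 of the list above can be applied automatically to a day's logs. It assumes a Linux-style auth log (sshd, sudo, useradd, usermod lines in a syslog-like format), assumed office hours of 08:00 to 17:59 on weekdays, an assumed threshold of three consecutive failures, and an assumed list of authorized changes standing in for the authorization forms. The sample log lines are constructed for the example.

```python
"""Added example (not OWASP code): review constructed auth-log lines against
the log review tips. Log format, office hours, failure threshold and the
authorized-change list are all assumptions made for the example."""
import re
from collections import defaultdict
from datetime import datetime

OFFICE_HOURS = range(8, 18)   # assumption: 08:00-17:59, Monday to Friday
FAILURE_THRESHOLD = 3         # assumption: 3+ consecutive failures is notable

# Constructed sample log for 2007-03-16 (a Friday); not from any real system.
SAMPLE_LOG = """\
2007-03-16 02:14:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51100 ssh2
2007-03-16 02:14:03 host sshd[1201]: Failed password for root from 203.0.113.7 port 51100 ssh2
2007-03-16 02:14:05 host sshd[1201]: Failed password for root from 203.0.113.7 port 51100 ssh2
2007-03-16 02:14:07 host sshd[1201]: Failed password for root from 203.0.113.7 port 51100 ssh2
2007-03-16 02:14:09 host sshd[1201]: Accepted password for root from 203.0.113.7 port 51100 ssh2
2007-03-16 09:05:12 host sshd[1310]: Accepted publickey for alice from 10.0.0.5 port 40022 ssh2
2007-03-16 09:06:40 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd bob
2007-03-16 09:06:41 host useradd[1320]: new user: name=bob, UID=1002, GID=1002, home=/home/bob, shell=/bin/bash
2007-03-16 09:07:02 host usermod[1322]: add 'bob' to group 'sudo'
2007-03-16 22:41:19 host sshd[1400]: Accepted password for bob from 198.51.100.20 port 33000 ssh2
"""

# Assumption: the authorization forms say only "create user bob" was approved.
AUTHORIZED_CHANGES = {("useradd", "bob")}

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<host>\S+) (?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")
NEW_USER_RE = re.compile(r"new user: name=(?P<user>\w+)")
GROUP_ADD_RE = re.compile(r"add '(?P<user>\w+)' to group '(?P<group>\w+)'")


def parse(text):
    """Split syslog-like lines into timestamp, host, program and message."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(ev)
    return events


def in_office_hours(ts):
    return ts.weekday() < 5 and ts.hour in OFFICE_HOURS


def review(text, authorized_changes):
    """Return findings keyed by the tip they correspond to."""
    findings = defaultdict(list)
    streak = defaultdict(int)   # consecutive failures per (user, source)
    for ev in parse(text):
        msg, ts = ev["msg"], ev["ts"]
        when = ts.strftime("%Y-%m-%d %H:%M")
        if m := FAILED_RE.search(msg):
            streak[(m["user"], m["src"])] += 1
            continue
        if m := ACCEPTED_RE.search(msg):
            key = (m["user"], m["src"])
            if streak[key] >= FAILURE_THRESHOLD:      # tip 1: failures, then success
                findings["failures_then_success"].append(
                    f"{when} {m['user']} from {m['src']} after {streak[key]} failures")
            streak[key] = 0
            if not in_office_hours(ts):               # tip 2: off-hours login
                findings["off_hours_login"].append(f"{when} {m['user']} from {m['src']}")
            continue
        if ev["prog"] == "sudo":                      # tip 4: administrator activity
            findings["admin_activity"].append(f"{when} {msg}")
        change = None                                  # tip 3: authority changes
        if m := NEW_USER_RE.search(msg):
            change = ("useradd", m["user"])
        elif m := GROUP_ADD_RE.search(msg):
            change = ("groupadd", f"{m['user']}:{m['group']}")
        if change and change not in authorized_changes:
            findings["unauthorized_change"].append(f"{when} {change[0]} {change[1]}")
    for (user, src), n in streak.items():             # tip 1: failures with no success yet
        if n >= FAILURE_THRESHOLD:
            findings["repeated_failures"].append(f"{user} from {src}: {n} failures, no success")
    return dict(findings)


def review_sample():
    return review(SAMPLE_LOG, AUTHORIZED_CHANGES)


if __name__ == "__main__":
    for kind, items in review_sample().items():
        print(kind)
        for item in items:
            print("  ", item)
```

On the sample, the review flags the root login at 02:14 twice (four failures followed by success, and off hours), bob's 22:41 login, alice's sudo command as administrator activity, and the addition of bob to the sudo group because only the account creation was on the authorization list. Nothing flags the useradd itself, which is the point of comparing changes against the approved forms rather than listing every change.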
Subactivity 2
Describe the subactivity here
Subactivity 3
Describe the subactivity here