Securing your Event logs
Preventing rogue administrators from tampering with Event logs.
Event logs can easily be tampered with if a user belongs to the local Administrators group on a system. For example, you can disable the Event Log service, reboot your machine, and mess around with the event log files. Or even easier, you can download a tool like WinZapper (see http://www.securityfocus.com/tools/1726) which will let you delete individual events from your event logs even while your system is still running!
How can you prevent rogue Administrators then from modifying event logs on your system? By consolidating the logs on your systems to a safe and secure central location. One great way for doing this is to use Audit Collection Services (ACS), a part of Microsoft System Center Operations Manager 2007, see http://technet.microsoft.com/en-us/library/bb381258.aspx for details. Archiving your centralized logs offline at a secure site will add even more security to this scenario.
Article written by MyComputerAid.com
2003 server - Sep 30, 2008 22:34 - 0 Comments
instant messaging srv records
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Microsoft Outlook - Mar 22, 2009 11:22 - 0 Comments
Outlook: Duplicates in Mailbox
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Microsoft Desktop, Web browsers and Internet, Windows 2000, Windows 7, Windows 98, Windows Firewall and networking, Windows Vista, Windows XP - Feb 8, 2010 18:09 - 0 Comments
Disable Proxy settings in IE
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Leave a Reply
You must be logged in to post a comment.