FIRST 2005 Day2 - Syslog and Forensics

Abe Singer of the San Diego Supercomputer Center gave a talk on how syslog and other logging mechanisms are really useful for security. He elaborated on setting up a massive syslog infrastructure and how he analyzes tonnes and tonnes of syslog data from all types of systems, including Windows systems. I would say that syslog wasn't really designed for this type of security analysis. Solaris BSM auditing is the recommended way to gather audit logs for things like keeping track of who is entering (or not able to enter) the system and what one is able (or not able) to do there.
Picture of the day: Mike from Cisco Product security team sporting his colorful ribbons!

Later in the day, Raemarie Schmidt, a VP of Digital Intelligence, Inc., talked about computer forensics, focusing mainly on Windows PCs.
Comments:

What is your recommended Syslog and Forensics tools for datamining and triangulating or identifying external access locations. Thanks :)

Posted by Michael Matthes on July 11, 2008 at 01:24 PM PDT #
