Auditing and Logging
From Guidance Share
Revision as of 20:42, 1 December 2007; JD
Description
Auditing and logging should be used to help detect suspicious activity, such as footprinting or possible password-cracking attempts, before an exploit actually occurs. It can also help deal with the threat of repudiation. It is much harder for a user to deny performing an operation if a series of synchronized log entries on multiple servers indicates that the user performed that transaction.
Impact
- User Denies Performing an Operation
- Attackers Exploit an Application Without Leaving a Trace
- Attackers Cover Their Tracks
Vulnerabilities
- Anonymous access enabled
Attacks
- Repudiation Attack
Countermeasures
Countermeasures to prevent Auditing and Logging attacks include:
- Disable anonymous access and authenticate every principal
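
An added example, not part of the original page: it checks whether the synchronized multi-server log entries from the description actually corroborate who performed a transaction, and shows why anonymous access defeats that. The log format, server names, transaction ids and both thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines: <UTC timestamp> <server> <principal> <txid> <operation>
# A principal of "-" means the request was served anonymously.
SAMPLE_LOGS = """\
2007-12-01T20:41:58Z web01 alice tx-1001 transfer.submit
2007-12-01T20:41:59Z app01 alice tx-1001 transfer.execute
2007-12-01T20:42:00Z db01 alice tx-1001 transfer.commit
2007-12-01T20:45:10Z web01 - tx-1002 transfer.submit
2007-12-01T20:45:11Z app01 - tx-1002 transfer.execute
2007-12-01T20:50:00Z web01 bob tx-1003 transfer.submit
2007-12-01T20:58:30Z app01 bob tx-1003 transfer.execute
"""

MAX_SPREAD = timedelta(seconds=5)  # assumed tolerance between synchronized servers
MIN_SERVERS = 2                    # assumed number of servers needed to corroborate

def parse(line):
    ts, server, principal, txid, _operation = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return txid, server, (None if principal == "-" else principal), when

def assess(log_text):
    by_tx = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            txid, server, principal, when = parse(line)
            by_tx[txid].append((server, principal, when))
    verdicts = {}
    for txid, entries in by_tx.items():
        servers = {server for server, _, _ in entries}
        principals = {principal for _, principal, _ in entries}
        times = [when for _, _, when in entries]
        if None in principals:
            verdicts[txid] = "unattributable"   # anonymous: nobody to hold accountable
        elif len(principals) > 1:
            verdicts[txid] = "conflicting"      # servers disagree about who acted
        elif len(servers) < MIN_SERVERS:
            verdicts[txid] = "uncorroborated"   # only one server's word for it
        elif max(times) - min(times) > MAX_SPREAD:
            verdicts[txid] = "out_of_window"    # entries too far apart to line up
        else:
            verdicts[txid] = "corroborated"
    return verdicts

if __name__ == "__main__":
    for txid, verdict in sorted(assess(SAMPLE_LOGS).items()):
        print(txid, verdict)
```

Only `tx-1001` yields a record that is hard to repudiate; `tx-1002` is logged on two servers yet names no principal, which is the gap the countermeasure closes.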