Tracking the Inside Intruder Using Net Log on Debug Logging in Microsoft Windows Server Operating Systems

PDF Version Also Available for Download.

Description

In today's well-connected environments of the Internet, intranets, and extranets, protecting the Microsoft Windows network can be a daunting task for the security engineer. Intrusion Detection Systems are a must-have for most companies, but few have either the financial resources or the people resources to implement and maintain full-scale intrusion detection systems for their networks and hosts. Many will at least invest in intrusion detection for their Internet presence, but others have not yet stepped up to the plate with regard to internal intrusion detection. Unfortunately, most attacks will come from within. Microsoft Windows server operating systems are widely used ... continued below

Physical Description

vp.

Creation Information

Davis, CS January 20, 2004.

Context

This report is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided by UNT Libraries Government Documents Department to Digital Library, a digital repository hosted by the UNT Libraries. It has been viewed 64 times , with 10 in the last month . More information about this report can be viewed below.

Who

People and organizations associated with either the creation of this report or its content.

Author

Sponsor

Publisher

Provided By

UNT Libraries Government Documents Department

Serving as both a federal and a state depository library, the UNT Libraries Government Documents Department maintains millions of items in a variety of formats. The department is a member of the FDLP Content Partnerships Program and an Affiliated Archive of the National Archives.

Contact Us

What

Descriptive information to help identify this report. Follow the links below to find similar items on the Digital Library.

Description

In today's well-connected environments of the Internet, intranets, and extranets, protecting the Microsoft Windows network can be a daunting task for the security engineer. Intrusion Detection Systems are a must-have for most companies, but few have either the financial resources or the people resources to implement and maintain full-scale intrusion detection systems for their networks and hosts. Many will at least invest in intrusion detection for their Internet presence, but others have not yet stepped up to the plate with regard to internal intrusion detection. Unfortunately, most attacks will come from within. Microsoft Windows server operating systems are widely used across both large and small enterprises. Unfortunately, there is no intrusion detection built-in to the Windows server operating system. The security logs are valuable but can be difficult to manage even in a small to medium sized environment. So the question arises, can one effectively detect and identify an in side intruder using the native tools that come with Microsoft Windows Server operating systems? One such method is to use Net Logon Service debug logging to identify and track malicious user activity. This paper discusses how to use Net Logon debug logging to identify and track malicious user activity both in real-time and for forensic analysis.

Physical Description

vp.

Source

  • Other Information: PBD: 20 Jan 2004

Language

Item Type

Identifier

Unique identifying numbers for this report in the Digital Library or other systems.

  • Report No.: WSRC-TR-2004-00011
  • Grant Number: AC09-96SR18500
  • DOI: 10.2172/821103 | External Link
  • Office of Scientific & Technical Information Report Number: 821103
  • Archival Resource Key: ark:/67531/metadc735302

Collections

This report is part of the following collection of related materials.

Office of Scientific & Technical Information Technical Reports

Reports, articles and other documents harvested from the Office of Scientific and Technical Information.

Office of Scientific and Technical Information (OSTI) is the Department of Energy (DOE) office that collects, preserves, and disseminates DOE-sponsored research and development (R&D) results that are the outcomes of R&D projects or other funded activities at DOE labs and facilities nationwide and grantees at universities and other institutions.

What responsibilities do I have when using this report?

When

Dates and time periods associated with this report.

Creation Date

  • January 20, 2004

Added to The UNT Digital Library

  • Oct. 18, 2015, 6:40 p.m.

Description Last Updated

  • May 5, 2016, 3:11 p.m.

Usage Statistics

When was this report last used?

Yesterday: 0
Past 30 days: 10
Total Uses: 64

Interact With This Report

Here are some suggestions for what to do next.

Start Reading

PDF Version Also Available for Download.

International Image Interoperability Framework

IIF Logo

We support the IIIF Presentation API

Davis, CS. Tracking the Inside Intruder Using Net Log on Debug Logging in Microsoft Windows Server Operating Systems, report, January 20, 2004; South Carolina. (digital.library.unt.edu/ark:/67531/metadc735302/: accessed October 19, 2018), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT Libraries Government Documents Department.