Difference between revisions of "Log review and management"

From OWASP
(Log Review Tips)
Line 14: Line 14:
 
*  
 
*  
  
==Subactivity 1==
+
== Log Review Tips ==
 
+
Describe the subactivity here
+
  
 +
Critical systems require at least daily log review, however, what types of logs/activities should we pay attention to?
 +
1. Consecutive login failure especially in non-office hour.
 +
2. Login in non-office hour.
 +
3. Authority change, addition and removal. Check them against with authorized application.
 +
4. Any system administrator's activities
 +
5. Any unknown workstation/server are plugged into the network?
 +
6. Logs removal/log overwritten/log size is full
 +
7. Pay more attention to the log reports after week-end and holiday
 +
8. Any account unlocked/password reset by system administrators without authorized forms?
  
 
==Subactivity 2==
 
==Subactivity 2==
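Review bot: the inserted "Log Review Tips" section keeps the template placeholder "Describe the subactivity here" directly beneath the new heading, so the tips are introduced by placeholder text; drop that line or replace it with a sentence stating the purpose of the review. The eight tips are added as plain numbered lines rather than with the wiki's "#" list markup, which would render them as a numbered list, and item 3, "Check them against with authorized application", should lose the stray "with".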

Revision as of 04:39, 17 March 2007


Overview

Purpose:

  • Communicate potential risks to stakeholder.
  • Communicate rationale for security-relevant decisions to stakeholder.

Role:

  • who typically does this

Frequency:

Log Review Tips

Critical systems require at least daily log review. Which types of logs and activities deserve the most attention?

1. Consecutive login failures, especially outside office hours.
2. Logins outside office hours.
3. Authority changes, additions and removals. Check them against the authorized application (approval form).
4. Any system administrator's activities.
5. Any unknown workstation or server plugged into the network.
6. Log removal, log overwriting, or a log that has reached its size limit.
7. Pay extra attention to the log reports after weekends and holidays.
8. Any account unlocked or password reset by a system administrator without an authorized form.
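To show how the checklist above turns into something a reviewer can run over a day's logs, here is an added example (not part of the OWASP page) that scans constructed sample log lines for tips 1, 2, 4, 6 and 8. The log format, the 08:00-17:59 weekday office-hours policy, the threshold of three consecutive failures and the set of privileged accounts are all assumptions made for the example.

```python
from datetime import datetime
# Constructed sample log (not from the page): "date time user event detail".
SAMPLE_LOG = """\
2007-03-18 14:00:00 bob LOGIN_OK 10.0.0.9
2007-03-19 02:10:05 jsmith LOGIN_FAIL 10.0.0.7
2007-03-19 02:10:20 jsmith LOGIN_FAIL 10.0.0.7
2007-03-19 02:10:41 jsmith LOGIN_FAIL 10.0.0.7
2007-03-19 02:11:02 jsmith LOGIN_OK 10.0.0.7
2007-03-19 09:30:00 alice LOGIN_OK 10.0.0.12
2007-03-19 10:00:00 admin LOG_CLEARED security
2007-03-19 23:15:00 admin PASSWORD_RESET bob
"""

OFFICE_HOURS = range(8, 18)   # 08:00-17:59 on weekdays (assumed policy)
ADMIN_ACCOUNTS = {"admin"}    # assumed list of privileged accounts
FAIL_THRESHOLD = 3            # failures in a row that count as "consecutive"
LOG_INTEGRITY_EVENTS = {"LOG_CLEARED", "LOG_OVERWRITTEN", "LOG_FULL"}
ACCOUNT_RESET_EVENTS = {"PASSWORD_RESET", "ACCOUNT_UNLOCK"}

def parse(line):
    # Split one constructed log line into (timestamp, user, event, detail).
    date, time, user, event, detail = line.split(None, 4)
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, user, event, detail

def in_office_hours(ts):
    return ts.weekday() < 5 and ts.hour in OFFICE_HOURS

def review(log_text):
    """Return (reason, user, timestamp) findings for the review checklist."""
    findings = []
    fail_streak = {}  # user -> count of consecutive LOGIN_FAIL events
    for line in log_text.splitlines():
        ts, user, event, _ = parse(line)
        off_hours = not in_office_hours(ts)
        if user in ADMIN_ACCOUNTS:                        # tip 4: all admin activity
            findings.append(("admin_activity", user, ts))
        if event == "LOGIN_FAIL":
            fail_streak[user] = fail_streak.get(user, 0) + 1
            if fail_streak[user] == FAIL_THRESHOLD and off_hours:  # tip 1
                findings.append(("consecutive_failures_off_hours", user, ts))
        else:
            fail_streak[user] = 0                         # any other event ends the streak
        if event == "LOGIN_OK" and off_hours:             # tip 2
            findings.append(("login_off_hours", user, ts))
        if event in LOG_INTEGRITY_EVENTS:                 # tip 6
            findings.append(("log_integrity", user, ts))
        if event in ACCOUNT_RESET_EVENTS:                 # tip 8: confirm an authorized form exists
            findings.append(("account_reset_check_authorization", user, ts))
    return findings
```

Each finding still needs a human check against the approval forms and change records the tips refer to; the script only narrows the day's log down to the lines worth that check.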

Subactivity 2

Describe the subactivity here


Subactivity 3

Describe the subactivity here