2 cissp ® Official Study Guide Eighth Edition


Chapter 17  ■ Preventing and Responding to Incidents Monitoring and Investigations



Download 19,3 Mb.
Pdf ko'rish
bet725/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   721   722   723   724   725   726   727   728   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

778
Chapter 17 

Preventing and Responding to Incidents
Monitoring and Investigations 
Audit trails give investigators the ability to reconstruct events long after they have 
occurred. They can record access abuses, privilege violations, attempted intrusions, and 
many different types of attacks. After detecting a security violation, security professionals 
can reconstruct the conditions and system state leading up to the event, during the event
and after the event through a close examination of the audit trail. 
One important consideration is ensuring that logs have accurate time stamps and that 
these time stamps remain consistent throughout the environment. A common method is to 
set up an internal Network Time Protocol (NTP) server that is synchronized to a trusted 
time source such as a public NTP server. Other systems can then synchronize with this 
internal NTP server. 
NIST operates several time servers that support authentication. Once an NTP server is 
properly confi gured, the NIST servers will respond with encrypted and authenticated time 
messages. The authentication provides assurances that the response came from a NIST 
server. 
Systems should have their time synchronized against a centralized or 
trusted public time server. This ensures that all audit logs record accurate 
and consistent times for recorded events.
Monitoring and Problem Identification 
Audit trails offer details about recorded events that are useful for administrators. They can 
record system failures, OS bugs, and software errors in addition to malicious attacks. Some 
log fi les can even capture the contents of memory when an application or system crashes. 
This information can help pinpoint the cause of the event and eliminate it as a possible 
attack. For example, if a system keeps crashing due to faulty memory, crash dump fi les can 
help diagnose the problem. 
Using log fi les for this purpose is often labeled as problem identifi cation. Once a problem 
is identifi ed, performing problem resolution involves little more than following up on the 
disclosed information.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   721   722   723   724   725   726   727   728   ...   881




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish