Security Event Monitoring

 
Principles of security event monitoring:
log relevant events
centralize logs
monitor and correlate suspicious activities in the logs
trigger alerts according to well-chosen thresholds
define a response and escalation procedure
archive logs for later investigation
 
Events to log for security:
successful and failed authentication attempts
major transactions
creation of a user or group locally on a server
reconfiguration of network interfaces
loading or unloading of device drivers
switching to superuser mode
modification or deletion of logs
configuration changes
startup or shutdown
processing or data-validation errors
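The principles above (monitor and correlate the logs, alert on well-chosen thresholds) and the first events in this list (successful and failed authentication attempts, switching to superuser mode) can be shown working together on a handful of log lines. The following Python script is an added example, not code from the original page: the sample lines, the syslog-like layout, the function names and the thresholds (five failures in one minute; a success preceded by at least three failures within five minutes) are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like layout (illustrative, not real data).
SAMPLE_LOG = """\
2024-03-01T10:00:01 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:03 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:05 host1 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:06 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:08 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09 host1 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T10:00:10 host1 sshd: Failed password for alice from 198.51.100.2
2024-03-01T10:30:00 host1 sshd: Accepted password for alice from 198.51.100.2
2024-03-01T10:31:00 host1 sudo: alice : TTY=pts/0 ; COMMAND=/bin/bash
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>\w+): (?P<msg>.*)$")
AUTH_RE = re.compile(r"^(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$")
SUDO_RE = re.compile(r"^(?P<user>\S+) : .*COMMAND=(?P<cmd>\S+)")


def parse_log(text):
    """Turn raw lines into structured events of type auth_fail, auth_ok or privilege."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # unparseable line: skip it
        ts, host, prog, msg = datetime.fromisoformat(m["ts"]), m["host"], m["prog"], m["msg"]
        a = AUTH_RE.match(msg)
        if prog == "sshd" and a:
            events.append({"ts": ts, "host": host, "user": a["user"], "src": a["src"],
                           "type": "auth_ok" if a["result"] == "Accepted" else "auth_fail"})
            continue
        s = SUDO_RE.match(msg)
        if prog == "sudo" and s:          # privilege use via sudo: always worth recording
            events.append({"ts": ts, "host": host, "user": s["user"], "src": None,
                           "type": "privilege", "cmd": s["cmd"]})
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Alert once per source when `threshold` failures fall inside a sliding `window`."""
    alerts, alerted = [], set()
    recent = defaultdict(deque)           # source -> timestamps of failures still in the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] != "auth_fail":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()                   # drop failures that aged out of the window
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({"rule": "bruteforce", "src": ev["src"], "count": len(q), "at": ev["ts"]})
    return alerts


def detect_success_after_failures(events, min_failures=3, window=timedelta(minutes=5)):
    """Correlation rule: a successful login from a source that failed repeatedly just before."""
    alerts = []
    failures = defaultdict(list)          # source -> timestamps of all failures seen so far
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "auth_fail":
            failures[ev["src"]].append(ev["ts"])
        elif ev["type"] == "auth_ok":
            recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
            if len(recent) >= min_failures:
                alerts.append({"rule": "success_after_failures", "src": ev["src"],
                               "user": ev["user"], "failures": len(recent), "at": ev["ts"]})
    return alerts


def run_detections(text):
    """Parse the text and run every rule; returns the alerts sorted by time."""
    events = parse_log(text)
    alerts = detect_bruteforce(events) + detect_success_after_failures(events)
    return sorted(alerts, key=lambda a: a["at"])


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOG):
        print(alert)
```

On the sample, the first source trips the brute-force threshold at its fifth failure and then triggers the correlation rule when it logs in successfully one second later; the second source (one failure, then a success half an hour later) stays below both thresholds, which is the point of choosing them carefully rather than alerting on every failed attempt.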
 
Protection of logs:
use a dedicated partition
restrict access to them to administrators
centralize them
archive them
encrypt them
control access to them
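Two of these protections can be checked mechanically: that access to the log files is restricted to the owner and the administrators' group, and that an archived copy has not been modified or deleted since it was taken. The Python below is an added example, not code from the original page; it assumes a POSIX filesystem, and its scenario (a temporary directory, a single `auth.log`, the modes 0o640 and 0o644, the tampering and deletion steps) is constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# Permission bits that would let any local user read, write or traverse a log file.
WORLD_BITS = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH


def check_permissions(log_dir):
    """List entries under log_dir whose mode grants anything to 'other'."""
    findings = []
    for p in sorted(Path(log_dir).rglob("*")):
        mode = p.stat().st_mode
        if mode & WORLD_BITS:
            findings.append({"path": str(p), "mode": oct(stat.S_IMODE(mode))})
    return findings


def sha256_file(path):
    """Stream the file through SHA-256 so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(log_dir):
    """Hash every file at archive time; store the manifest away from the logs themselves."""
    root = Path(log_dir)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(log_dir, manifest):
    """Compare the directory with a stored manifest: modified, deleted and unexpected files."""
    current = build_manifest(log_dir)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "deleted": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def run_demo():
    """Constructed scenario in a temporary directory; returns what each check reported."""
    d = tempfile.mkdtemp()
    log = os.path.join(d, "auth.log")
    with open(log, "w") as f:
        f.write("2024-03-01T10:00:01 host1 sshd: Accepted password for alice from 198.51.100.2\n")
    os.chmod(log, 0o640)                       # owner rw, group r, nothing for others
    results = {"perms_ok": check_permissions(d)}
    manifest = build_manifest(d)               # taken at archive time
    results["clean"] = verify_manifest(d, manifest)
    with open(log, "a") as f:                  # simulate tampering with the archived log
        f.write("extra line\n")
    results["after_edit"] = verify_manifest(d, manifest)
    os.chmod(log, 0o644)                       # simulate an over-permissive mode
    results["perms_bad"] = check_permissions(d)
    os.remove(log)                             # simulate deletion of the log
    results["after_delete"] = verify_manifest(d, manifest)
    return results


if __name__ == "__main__":
    for step, outcome in run_demo().items():
        print(step, outcome)
```

The manifest only has value if it is kept where the log host cannot rewrite it (on the central log server or with the archive), which is why centralizing and archiving appear in the list alongside access control; a hash stored next to the logs would be altered together with them.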
