Windows System Log Auditing

Source: Internet
Author: User
Tags: system log, administrator, password

Experimental background

Attacks on Windows servers exposed to a network are common. When something abnormal happens, the administrator has to respond quickly: locate the service that was attacked, identify the method the attacker used, find the weak point in the system and patch it. The logging and audit tools built into Windows Server help with each of these steps.

Windows keeps three logs: the Application log, the System log and the Security log. The Security log only receives entries for the audit categories that have been enabled in the audit policy; by default, if the system is not auditing an event category, nothing is written to the Security log for it.

Experimental objectives

Understand the structure of the Windows logging system

Be able to set audit policy as needed

Be able to audit account activity (logon successes and failures)

Be able to adapt the audit policy to different application requirements

Experimental environment

Server: Windows Server 2003

Client: Windows

Experimental process guidance

(1) Open Local Security Policy from Start > Administrative Tools (or run secpol.msc).

(2) Expand Local Policies > Audit Policy and enable the audit categories you need.

(3) Set "Audit logon events" to both Success and Failure (add "Audit account logon events" as well if you also want the credential validation itself recorded).

(4) Set the directory access category to Success and Failure ("Audit directory service access" on a domain controller; for access to file-system directories on a member server use "Audit object access", which only produces entries once an audit entry, a SACL, has been added to the folder itself).

(5) Choose and set any further audit options the situation requires, then test the result in two ways:

A. From a remote machine, attempt repeated logons over Remote Desktop (TCP port 3389), enumerating user names against the server.

B. On the server itself, try to guess the administrator password at the console.

(6) Log on with the correct administrator password and open Event Viewer (eventvwr.msc) to view the Security log.

(7) Examine the logon-failure entries. On Windows Server 2003 a logon that fails because of an unknown user name or bad password is event ID 529; a successful logon is 528 (540 for a network logon). The event description carries the User Name, the Logon Type (2 = console, 3 = network, 10 = Remote Desktop) and the Source Network Address, which are the fields the questions below are answered from.

(8) Answer the following questions from the experiment:

A. Which users, from which IP addresses, scanned the server?

B. Which user names were guessed?

C. Which users logged on to this machine successfully?

D. From which IP addresses did the password guessing fail?

E. How can enumeration and password-guessing attacks be detected and prevented?
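The questions above are answered by reading the User Name, Logon Type and Source Network Address fields out of the 529 and 528 events. The script below is an added example and not code from the original article: it parses a constructed sample of Security-log records and produces the answers for A through E. The event IDs and field names are the ones Windows Server 2003 really uses; the record layout (one "Event ID:" line, the description fields, records separated by dashes), the IP addresses, the user names and the summary functions are assumptions made for the example. A real Event Viewer text export carries more fields, which this parser simply ignores.

```python
"""Summarise logon events exported from the Windows Server 2003 Security log.

Added example for this page, not code from the original article.  The records
in SAMPLE_LOG are constructed; their field names (User Name, Logon Type,
Source Network Address) follow the description text Windows Server 2003 writes
for event 529 (logon failure: unknown user name or bad password), 528
(successful logon) and 540 (successful network logon).
"""
import re
from collections import Counter, defaultdict

FAILURE_IDS = {529}         # bad user name or password
SUCCESS_IDS = {528, 540}    # successful logon, successful network logon
LOGON_TYPES = {2: "Interactive (console)", 3: "Network", 10: "RemoteInteractive (RDP)"}

# Constructed sample: "Event ID: <n>" followed by the description fields,
# records separated by a line of dashes (tabs from a real export may be spaces).
SAMPLE_LOG = """\
Event ID: 529
    User Name:     administrator
    Logon Type:    10
    Source Network Address: 10.0.0.5
-----
Event ID: 529
    User Name:     admin
    Logon Type:    10
    Source Network Address: 10.0.0.5
-----
Event ID: 529
    User Name:     root
    Logon Type:    10
    Source Network Address: 10.0.0.5
-----
Event ID: 529
    User Name:     administrator
    Logon Type:    2
    Source Network Address: -
-----
Event ID: 528
    User Name:     Administrator
    Logon Type:    10
    Source Network Address: 10.0.0.20
"""

FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*?)\s*$")


def parse_events(text):
    """One dict per event; 'Event ID' converted to int, other fields kept as text."""
    events = []
    for block in text.split("-----"):
        event = {}
        for line in block.splitlines():
            m = FIELD_RE.match(line)
            if m:
                event[m.group(1).strip()] = m.group(2)
        if "Event ID" in event:
            event["Event ID"] = int(event["Event ID"])
            events.append(event)
    return events


def _source(event):
    """Source Network Address, or 'local console' when the field is '-' (no remote peer)."""
    ip = event.get("Source Network Address", "-")
    return ip if ip not in ("", "-") else "local console"


def failures_by_source(events):
    """Questions A and D: which sources failed to log on and which names each tried."""
    result = defaultdict(Counter)
    for e in events:
        if e["Event ID"] in FAILURE_IDS:
            result[_source(e)][e.get("User Name", "?")] += 1
    return {src: dict(names) for src, names in result.items()}


def guessed_usernames(events):
    """Question B: every user name that appears in a failed logon."""
    return sorted({e.get("User Name", "?") for e in events if e["Event ID"] in FAILURE_IDS})


def successful_logons(events):
    """Question C: who logged on successfully, by which logon type, from where."""
    out = []
    for e in events:
        if e["Event ID"] in SUCCESS_IDS:
            logon_type = int(e.get("Logon Type", 0))
            out.append((e.get("User Name", "?"),
                        LOGON_TYPES.get(logon_type, str(logon_type)), _source(e)))
    return out


def brute_force_sources(events, threshold=3):
    """Question E: remote sources with at least `threshold` failures, i.e. the
    addresses to block on TCP 3389 at the firewall.  Every guess here was free,
    which is the argument for an account lockout policy and strong passwords."""
    counts = Counter(_source(e) for e in events if e["Event ID"] in FAILURE_IDS)
    return sorted(src for src, n in counts.items() if n >= threshold and src != "local console")
```

Run against the constructed sample, failures_by_source reports three different names tried from 10.0.0.5 and one console attempt, guessed_usernames lists admin, administrator and root, successful_logons shows the one Remote Desktop logon from 10.0.0.20, and brute_force_sources flags 10.0.0.5 at the default threshold. The local console attempt is kept out of the block list on purpose, since it has no address to block; it is still visible in failures_by_source.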
