Auditing and Logging Vulnerabilities

From Guidance Share

Revision as of 02:01, 30 October 2006 by Admin
Current revision (06:32, 6 August 2007) by GardenTender

 
Current revision

Description

Auditing and logging should be used to help detect suspicious activity such as footprinting or possible password cracking attempts before an exploit actually occurs. It can also help deal with the threat of repudiation. It is much harder for a user to deny performing an operation if a series of synchronized log entries on multiple servers indicate that the user performed that transaction.


Impact

  • User Denies Performing an Operation
  • Attackers Exploit an Application Without Leaving a Trace
  • Attackers Cover Their Tracks


Vulnerabilities

  • Anonymous access enabled


Attacks

  • Repudiation Attack


Countermeasures

Countermeasures to prevent Auditing and Logging attacks include:

  • Disable anonymous access and authenticate every principal
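
A sketch of the audit-log checks described above, added here as an example and not part of the original page: it flags accounts with bursts of failed logins (possible password guessing) and transactions that cannot be tied to one authenticated principal on multiple servers. The log format, field names, thresholds and the `anonymous` principal label are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample entries (assumed format, not from the page):
# timestamp server principal action outcome transaction-id
SAMPLE_LOG = """\
2007-08-06T06:30:01 web01 bob LOGIN FAIL -
2007-08-06T06:30:03 web01 bob LOGIN FAIL -
2007-08-06T06:30:05 web01 bob LOGIN FAIL -
2007-08-06T06:30:07 web01 bob LOGIN FAIL -
2007-08-06T06:30:09 web01 bob LOGIN FAIL -
2007-08-06T06:31:00 web01 alice TRANSFER OK tx-1001
2007-08-06T06:31:01 db01 alice TRANSFER OK tx-1001
2007-08-06T06:32:10 web01 anonymous TRANSFER OK tx-1002
2007-08-06T06:32:11 db01 anonymous TRANSFER OK tx-1002
"""

FIELDS = ("time", "server", "principal", "action", "outcome", "txn")

def parse(text):
    rows = (line.split() for line in text.splitlines())
    entries = [dict(zip(FIELDS, r)) for r in rows if len(r) == len(FIELDS)]
    for e in entries:
        e["time"] = datetime.fromisoformat(e["time"])
    return entries

def guessing_suspects(entries, threshold=5, window=timedelta(seconds=60)):
    # Accounts with at least `threshold` failed logins inside one window.
    fails = defaultdict(list)
    for e in entries:
        if (e["action"], e["outcome"]) == ("LOGIN", "FAIL"):
            fails[e["principal"]].append(e["time"])
    suspects = set()
    for account, times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                suspects.add(account)
    return suspects

def repudiable(entries, min_servers=2):
    # Transactions not tied to one authenticated principal on enough servers.
    who, where = defaultdict(set), defaultdict(set)
    for e in entries:
        if e["txn"] != "-":
            who[e["txn"]].add(e["principal"])
            where[e["txn"]].add(e["server"])
    return sorted(t for t in who if "anonymous" in who[t]
                  or len(who[t]) != 1 or len(where[t]) < min_servers)
```

On the sample data, `tx-1001` is recorded for `alice` on two servers and is hard to deny, while `tx-1002` was performed anonymously and remains repudiable no matter how many servers logged it.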