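Outline of an overseas training course: Security Log Secrets
Source: wetu专家
Many people do not understand the storage formats and purposes of the various security logs in Windows, so I wanted to write something on the subject. I happened to come across an overseas course devoted to the various security logs of Windows 2000/2003. Below is the course outline, recorded here as a memo and for reference.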
Security Log Secrets
Course Agenda:
1. Introduction to Windows Security Logging
System audit policy
Event viewer
Maximum log size and overwrite options
Using group policy to configure audit policy and event log settings
Frequently held misconceptions
2. Monitoring logon and authentication events
Audit logon events
Audit account logon events
Local vs Domain account logons
NTLM & Kerberos authentication events
3. Monitoring user activity
Audit object access
Audit process tracking
4. Auditing account changes and administrative activity
Audit directory service access
Audit account management
Tracking help desk and administrator activity
Detecting and preventing log tampering
Monitoring changes to users, groups, organizational units, group policy objects, etc
5. Auditing system activity
Audit privilege use
Audit system events
IPSec, EFS and certificate events
6. Automating log monitoring and archival
VB scripts
Microsoft tools
Shareware utilities
Free vendor tools
Selecting the right event log solution for your network
Getting the most from your event monitoring solution
7. Other security-crucial logs
Internet Authentication Service (IAS)
RRAS (Routing and Remote Access Service)
VPN activity
IIS Web Server logs
DHCP logging