How to Perform Network-Wide Security Event Log Management

White Paper Published By: GFI

Tags :

event management, information management, records management, network management, compliance, records, gfi, audit

Published:	Jun 14, 2007
Type:	White Paper
Length:	12 pages

How to perform network-wide
security event log monitoring
Using GFI EventsManager for intrusion detection and
essential auditing of security event logs
This white paper explains the need to monitor security event logs network-wide and how you can achieve this using GFI EventsManager (former GFI LANguard Security Event Log Monitor). It is written by Randy Franklin Smith, author of the in-depth series on the Windows security log in Windows 2000 & .NET Magazine.

WWW.GFI.COM How to perform network-wide security event log monitoring . 2
Introduction Microsoft Windows machines have basic audit facilities but they fall short of fulfilling real-life business needs (i.e., monitoring Windows computers in real-time, periodically analyzing security activity, and maintaining a long-term audit trail). Therefore, the need exists for a log-based intrusion detection and analysis tool such as GFI EventsManager. This paper explains how GFI EventsManager's innovative architecture can fill the gaps in Windows' security log functionality - without hurting performance and while remaining cost-effective. It discusses the use of GFI EventsManager to implement best practice and fulfill due diligence requirements imposed by auditors and regulatory agencies; and provides strategies for making maximum use of GFI EventsManager's capabilities.
About the writer: This white paper is written by Randy Franklin Smith, Windows event log monitor guru and writer of an in-depth series on the Windows security log for Windows 2000 & .NET Magazine (now Windows IT Pro Magazine).
Introduction....................................................................................................................................2 How GFI EventsManager works....................................................................................................2 Due diligence analysis...................................................................................................................6 Strategies to reap maximum value................................................................................................6 Select the proper security levels for computers ............................................................................6 Balance resource consumption with timely alerts .........................................................................7 Ensure security log maintenance and integrity .............................................................................7 Use file-access auditing for internal security.................................................................................8 Detect web server intrusion and defacement..............................................................................10 Hold administrators accountable.................................................................................................10 Create a long-term audit trail.......................................................................................................11 Conclusion...................................................................................................................................11 About GFI ....................................................................................................................................12
How GFI EventsManager works
Architectural overview GFI EventsManager performs intrusion detection and network security reporting by monitoring the security event logs of all Windows 2000/NT/XP/2003 servers and workstations in the organization. It alerts you in real time about possible intrusions and attacks.
To ensure proper integration with the overall Windows environment, GFI EventsManager uses standard Windows technology such as Microsoft Message Queuing (MSMQ), Microsoft Management Console (MMC), Microsoft Windows Installer, and Open Database Connectivity
WWW.GFI.COM How to perform network-wide security event log monitoring . 3
(ODBC).
Implementing network-wide monitoring with GFI EventsManager requires little effort because you don't need to install software on each computer you want to monitor. The administrator installs GFI EventsManager on only one host computer, and then simply regist... [download for more]

Browse Technology Topics

Data Center Virtualization, Cloud Computing, Infrastructure, Design and Facilities... more, Power and Cooling, Green Computing less		Data Management Application Integration, Analytical Applications, Business Intelligence... more, Configuration Management, Database Development, Data Integration, Data Mining, Data Protection, Data Quality, Data Replication, Database Security, EDI, SOAP, Service Oriented Architecture, Web Service Management, Data Warehousing less
Electronics Analog Communications, Digital Signal Processing, Electronic Design Automation... more, System On A Chip, Electronic Test and Measurement, Embedded Design, Boards & Modules, Embedded Systems and Networking, Electromechanical & Mechanical, Optoelectonics & Displays, Packaging and Interconnects, Passive & Discrete Components, Power Sources & Conditioning Devices, Integrated Circuits and Semiconductors, Sensors & Actuators less		Enterprise Applications Application Integration, Application Performance Management... more, Best Practices, Business Activity Monitoring, Business Analytics, Business Integration, Business Intelligence, Business Management, Business Metrics, Business Process Automation, Business Process Management, Call Center Management, Call Center Software, Change Management, Corporate Governance, Customer Interaction Service, Customer Relationship Management, Customer Satisfaction, Customer Service, EBusiness, Enterprise Resource Planning, Enterprise Software, EProcurement, Extranets, Groupware Workflow, HIPAA Compliance, IP Faxing, IT Spending, Marketing Automation, Performance Testing, Product Lifecycle Management, Project Management, Return On Investment, Risk Management, Sales & Marketing Software, Sales Automation, Server Virtualization, Simulation Software, Supply Chain Management, System Management Software, Total Cost of Ownership, Video Conferencing, Voice Recognition, Voice Over IP, Workforce Management, Incentive Compensation, Spend Management, Manufacturing Execution Systems, International Computing less
Human Resource Technology Human Resources Services, Payroll Software, Time and Attendance Software... more, Workforce Management Software, Financial Management, Employee Monitoring Software, Employee Training Software, Recruiting Software/Services, Employee Performance Management, ELearning, Benefits Management, Expense Management less		IT Career Advancement Cisco Certification, Microsoft Certification, Linux Certification... more, Network Security Certification, Software Development Certification less
IT Management Employee Performance, ITIL, Productivity, Project Management... more, Software Compliance, Sarbanes Oxley Compliance, Service Management, Desktop Management less		Knowledge Management Collaboration, Collaborative Commerce, Contact Management... more, Content Delivery, Content Integration, Content Management System, Corporate Portals, Customer Experience Management, Document Management, Information Management, Intranets, Messaging, Records Management, Search And Retrieval, Search Engines, Secure Content Management, SLA less
Networking Active Directory, Bandwidth Management, Convergence, Distributed Computing... more, Ethernet Networking, Fibre Channel, Gigabit Networking, Governance, Grid Computing, Infrastructure, Internetworking Hardware, Interoperability, IP Networks, IP Telephony, Local Area Networking, Load Balancing, Migration, Monitoring, Network Architecture, Network Management, Network Performance, Network Performance Management, Network Provisioning, Network Security, OLAP, Optical Networking, Quality Of Service, Remote Access, Remote Network Management, Server Hardware, Servers, Small Business Networks, TCP/IP Protocol, Test And Measurement, Traffic Management, Tunneling, Utility Computing, VPN, Wide Area Networks, Green Computing, Cloud Computing, Power and Cooling, Data Center Design and Management, Colocation and Web Hosting less		Platforms AS/400, Domino, Linux, Microsoft Exchange, Oracle, PeopleSoft... more, SAP, Siebel, Solaris, Tivoli, Unix, Web Sphere, Windows, Windows Server less
Security Access Control, Anti Spam, Anti Spyware, Anti Virus, Application Security... more, Auditing, Authentication, Biometrics, Business Continuity, Compliance, DDoS, Disaster Recovery, Email Security, Encryption, Firewalls, Hacker Detection, High Availability, Identity Management, Internet Security, Intrusion Detection, Intrusion Prevention, IPSec, Network Security Appliance, Password Management, Patch Management, Phishing, PKI, Policy Based Management, Security Management, Security Policies, Single Sign On, SSL, Secure Instant Messaging, Web Service Security, PCI Compliance, Vulnerability Management less		Software Development .NET, C++, Database Development, Java, Middleware, Open Source... more, Software Outsourcing, Quality Assurance, Scripting, SOAP, Software Testing, Visual Basic, Web Development, Web Services, Web Service Security, XML less
Storage Backup And Recovery, Blade Servers, Clustering, IP Storage... more, ISCSI, Network Attached Storage, RAID, Storage Area Networks, Storage Management, Storage Virtualization, Email Archiving, Data Deduplication less		Wireless 802.11, Bluetooth, CDMA, GPS, Mobile Computing, Mobile Data Systems... more, Mobile Workers, PDA, RFID, Smart Phones, WiFi, Wireless Application Software, Wireless Communications, Wireless Hardware, Wireless Infrastructure, Wireless Messaging, Wireless Phones, Wireless Security, Wireless Service Providers, WLAN less