Thursday, November 26, 2009

How to trace unauthorized login attempts on Windows XP (win 2k, Vista, win 7…)

It is unfortunate that most people don't know that, by default, a Windows XP workstation records Application and System events but does not audit security events such as logons. Auditing gives an administrator a way to detect an attack that has already occurred or is still in progress, and it helps a developer track down security-related problems.

By default, auditing of SECURITY events (including logon attempts) is disabled on Windows 2000 and XP workstations. Windows Vista and Windows 7 audit successful logons by default but not failed ones, so this setting is still worth checking there.

To enable auditing of logon attempts:

Go to START, RUN and type "gpedit.msc". (gpedit.msc is not included in Windows XP Home Edition.)

In the left-hand pane, navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy.

Double-click "Audit logon events" in the right-hand pane. (Do not confuse it with "Audit account logon events", which records credential validation, for example on a domain controller; "Audit logon events" records the logon at the machine being logged on to.)

Tick both the "Success" and "Failure" boxes and click "OK".

Note: to log only successful logon attempts tick only "Success"; to log only failed logon attempts tick only "Failure".

Log off your system.

Try logging in a few times with wrong passwords and once with the correct password.

To cross-check against the event log, right-click My Computer, choose Manage, then open Event Viewer > SECURITY (or run "eventvwr.msc").

Both "FAILURE" and "SUCCESS" attempts are logged. On Windows XP a successful logon is event ID 528 and a failed logon (unknown user name or bad password) is event ID 529; on Windows Vista and Windows 7 the corresponding events are 4624 and 4625.



From this log we can establish the following:

Date of the unauthorized access attempt

Time of the unauthorized access attempt

Username used for the unauthorized access attempt, and whether it was a successful or a failed attempt

Logon type (2 = interactive at the console, 3 = network, 10 = Remote Desktop) and the workstation name or, for network logons, the source network address
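The same procedure scripted, as an added example that is not part of the original post: it enables Success and Failure auditing for logon events where auditpol.exe is available (Vista/7; on XP the gpedit.msc steps above remain the way to do it), then reads the Security log and extracts the date, time, user name, outcome, logon type and source of each attempt, and finally counts failures per account. The function names are my own, and the ReplacementStrings index positions are my reading of the 528/529/4624/4625 event templates, which you should confirm against the Message text on your own machine.

```powershell
# Added example for this post; not code from the original article.
# Assumes PowerShell 2.0 or later (built into Windows 7; a separate install on
# Windows XP SP3) running in an Administrator prompt, because reading the
# Security log and changing audit policy both need administrative rights.

# --- Step 1: turn on Success + Failure auditing for logon events -------------
# auditpol.exe ships with Windows Vista/7/2008 and replaces the gpedit.msc
# click-through; Windows XP has no auditpol, so there you still use gpedit.msc.
function Enable-LogonAuditing {
    if (Get-Command auditpol.exe -ErrorAction SilentlyContinue) {
        # The "Logon" subcategory is what "Audit logon events" controls.
        auditpol.exe /set /subcategory:"Logon" /success:enable /failure:enable | Out-Null
        auditpol.exe /get /subcategory:"Logon"     # show the resulting setting
    } else {
        Write-Warning "auditpol.exe not found (Windows XP): set 'Audit logon events' in gpedit.msc instead."
    }
}

# --- Step 2: pull logon attempts out of the Security log ---------------------
# Event IDs differ between Windows versions:
#   XP / 2000 / 2003 : 528 = successful logon, 529 = unknown user name or bad password
#                      (530-539 are other failure reasons, e.g. 539 = account locked out)
#   Vista / 7 / 2008 : 4624 = successful logon, 4625 = logon failure
# The ReplacementStrings indexes below follow the event templates as I know
# them; treat them as an assumption and check against the Message text.
function Get-LogonAttempts {
    param([int]$Newest = 1000)    # how many recent Security events to scan

    $wanted = 528, 529, 4624, 4625
    Get-EventLog -LogName Security -Newest $Newest |
        Where-Object { $wanted -contains $_.EventID } |
        ForEach-Object {
            $evt = $_            # keep a handle: switch rebinds $_ to the tested value
            $r   = $evt.ReplacementStrings
            switch ($evt.EventID) {
                528  { $user = $r[0]; $type = $r[3];  $ws = $r[6];  $src = '';     $outcome = 'Success' }
                529  { $user = $r[0]; $type = $r[2];  $ws = $r[5];  $src = $r[11]; $outcome = 'Failure' }
                4624 { $user = $r[5]; $type = $r[8];  $ws = $r[11]; $src = $r[18]; $outcome = 'Success' }
                4625 { $user = $r[5]; $type = $r[10]; $ws = $r[13]; $src = $r[19]; $outcome = 'Failure' }
            }
            New-Object PSObject -Property @{
                Time        = $evt.TimeGenerated   # date and time of the attempt
                EventID     = $evt.EventID
                Outcome     = $outcome
                User        = $user                # account name that was tried
                LogonType   = $type                # 2 = console, 3 = network, 10 = Remote Desktop
                Workstation = $ws
                Source      = $src                 # source network address, if recorded
            }
        }
}

# --- Step 3: count failures per account (a burst here is a password-guessing attack)
function Get-FailedLogonSummary {
    Get-LogonAttempts |
        Where-Object { $_.Outcome -eq 'Failure' } |
        Group-Object User |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Enable-LogonAuditing
Get-LogonAttempts | Format-Table Time, Outcome, User, LogonType, Workstation, Source -AutoSize
Get-FailedLogonSummary
```

Get-EventLog is used rather than Get-WinEvent because it works on XP with PowerShell 2.0 as well as on Vista/7. Raise -Newest if the Security log is busy, since only the most recent entries are scanned.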

Conclusion:
Logging does not by itself stop an attack, but it lets you monitor your computer or network and spot one in progress (for example a burst of failed logons against a single account), and it is very useful for determining how and when an attack occurred if you preserve the logs as forensic evidence. Two caveats: make the Security log large enough that older entries are not overwritten before you look at them, and remember that anyone with administrative rights can clear it (clearing the log itself leaves an event: 517 on XP, 1102 on Vista and later), so copy logs that matter to another system.

http://cycops.co.in/
