Who should attend: System administrators and network managers responsible for monitoring and maintaining the health and well-being of computers and network devices in an enterprise environment. Although some review is provided, participants should be familiar with the UNIX and Windows operating systems and basic network security.
Overview: The purpose of this tutorial is to illustrate the importance of a network-wide centralized logging infrastructure, to introduce several approaches to monitoring audit logs, and to explain the types of information and forensics that can be obtained with well-managed logging systems.
Every device on your network--routers, servers, firewalls, application software--spits out millions of lines of audit information a day. Hidden within the data that indicate normal day-to-day operation (and known problems) are the first clues that systems are breaking down, attackers are breaking in, and end users are breaking up. If you manage that data flow, you can run your networks more effectively.
Topics include:
This class won't teach you how to write Perl scripts to simplify your logfiles. It will teach you how to build a log management infrastructure, how to figure out what your log data means, and what in the world you do with it once you've acquired it.
Tina Bird, a Computer Security Officer for Stanford University, works on the design and implementation of security infrastructure for administrative systems; writes Security Alerts for the 40,000-host network; implements HIPAA-compliant security systems for healthcare systems; and extends Stanford's logging infrastructure. Tina moderates the Log Analysis and VPN mailing lists; with Marcus Ranum, she runs http://www.loganalysis.org. Tina has a B.S. in physics from the University of Notre Dame and a master's degree and Ph.D. in astrophysics from the University of Minnesota.