Good administrators check their logs regularly. They need to know what went on when they were away. They need to look for intruders, compromised machines, stolen or deleted files, and so on. The list of things to look for can be extensive.

Microsoft Windows Event Viewer is a simple program that organizes these logs in a way that makes them easy to view. Learning how Event Viewer works is good training for beginners, and the program is also a useful diagnostic tool.

In this example, you will enable logging of security events, log in and out of your machine, and then look up the event in Event Viewer. You should complete this within the Maryville Virtual Lab environment.

  1. Click in the “Search Windows” bar and type Local Security Policy.
  2. Click on Local Policies, and Audit Policy.
  3. Double-click on the policy labeled “Audit account logon events.”
  4. Select both Success and Failure (if they are not already checked).
  5. Click OK.
  6. Double-click on the policy labeled “Audit logon events.”
  7. Select both Success and Failure (if they are not already checked).
  8. Click OK.
  9. Take a screenshot of these policies.
  10. Click the “Search Windows” bar and type Event Viewer.
  11. Click Windows Logs and Security.
  12. Take a screenshot of an interesting event in either the security.
  13. Log off your virtual machine by clicking Start, clicking your user name at the top, and selecting Sign Out.
  14. Wait about a minute and log back into your virtual machine.
  15. Click the “Search Windows” bar and type Event Viewer.
  16. Click Windows Logs, and Security.
  17. Take a screenshot.
  18. Double-click on a Logon/Logoff event that was just recorded.
  19. Take a screenshot.
  20. Students should then complete a page summary of their findings and discuss how these audit logs could be used to detect an insider threat. This page should be at the beginning of your lab.
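
The same lookup as steps 15 to 18 can be done from an elevated PowerShell prompt on the lab VM, which also gives you a table to work from in the insider-threat summary. This is an added example, not part of the original lab; the event IDs are the standard Windows logon/logoff IDs, while the 30-minute window and the 08:00 to 18:00 weekday "business hours" are assumptions to adjust.

```powershell
# Added example (not part of the original lab). Reading the Security log
# requires an elevated (Run as administrator) PowerShell session.

# Events produced once the audit policies from steps 3-8 are enabled.
$eventNames = @{
    4624 = 'Logon success'
    4625 = 'Logon failure'
    4634 = 'Logoff'
    4647 = 'User-initiated logoff'
}

# Common logon types; anything else is shown as its raw number.
$logonTypes = @{
    '2' = 'Interactive'; '3' = 'Network'; '5' = 'Service'
    '7' = 'Unlock'; '10' = 'RemoteInteractive'; '11' = 'CachedInteractive'
}

# Assumption: 30 minutes covers the sign-out and sign-in from steps 13-14.
$since = (Get-Date).AddMinutes(-30)

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4625, 4634, 4647
    StartTime = $since
}

$rows = foreach ($e in $events) {
    # Read the EventData fields by name instead of relying on their position.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    $type = [string]$data['LogonType']   # empty for 4647, which has no LogonType
    $t    = $e.TimeCreated
    [pscustomobject]@{
        Time       = $t
        Event      = $eventNames[$e.Id]
        User       = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType  = if ($logonTypes[$type]) { $logonTypes[$type] } else { $type }
        Source     = $data['IpAddress']
        # Assumed business hours: Monday-Friday, 08:00-18:00 local time.
        AfterHours = ($t.DayOfWeek -in 'Saturday', 'Sunday') -or
                     ($t.Hour -lt 8) -or ($t.Hour -ge 18)
    }
}

# Timeline first, then a per-user count of each event type.
$rows | Sort-Object Time | Format-Table -AutoSize
$rows | Group-Object User, Event | Sort-Object Count -Descending |
    Select-Object Count, Name
```

Rows with `AfterHours` set to True, runs of `Logon failure` for one account, and `RemoteInteractive` logons from an unexpected `Source` are the kinds of entries worth discussing in the summary.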

This is the next chapter of your lab book for the semester. Each Lab Assignment is a new chapter in your lab book.

Your lab book chapter each week should include:

  • Cover Page
  • Abstract
  • Introduction of the lab assignment
  • Screenshots that document your lab experience and what you learned during the exercise
  • Conclusion of the lab assignment
  • Independent Research – expanding the topic. (For example, this week we are focusing on Windows logs; you could discuss various log types, exploiting logs, maintaining and storing logs, etc.)
  • References

A helpful message regarding the projects/lab assignments:

Yes, we normally provide steps to follow and a general direction of what is necessary to complete the assignment, but they are not recipes; they are diving boards for exploration. Sometimes things do not work perfectly. That’s OK: note it in your lab book and continue. The intent is to provide the general direction; the assignment is intended for you to run with it and learn!
