Re: Terminal Services Auditing?

• Previous message: alexandre: "Terminal Services Auditing?"
• Maybe in reply to: alexandre: "Terminal Services Auditing?"
• Next in thread: Thor: "Re: Terminal Services Auditing?"
• Reply: Thor: "Re: Terminal Services Auditing?"
• Reply: alexandre: "Re: Terminal Services Auditing?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 24 Oct 2003 13:13:17 -0700
To: <alexandre@secrel.net.br>, <focus-ms@securityfocus.com>

It doesn't log the source IP for each connection. Mark Burnett wrote a good article about supplementing this short-coming using a tool called Zebedee. You can find the article on SecurityFocus.com

Apparently this is not available functionality in Win2003 TS either. I haven't tested this yet.

Erik

---------------------------------------
(Msg from BlackBerry Wireless Handheld)
---------------------------------------
Erik Pace Birkholz - CISSP, MCSE
Foundstone, Inc.
Strategic Security

Read Special Ops and mount an assault to eradicate network negligence today. www.SpecialOpsSeries.com

[Tel] 949.297.5591
[Cel] 323.252.5916
[Fax] 949.297.5575
[pgp] https://www.foundstone.com/pgpkeys/erik-birkholz.asc

-----Original Message-----
From: alexandre <alexandre@secrel.net.br>
To: focus-ms@securityfocus.com <focus-ms@securityfocus.com>
Sent: Fri Oct 24 10:05:19 2003
Subject: Terminal Services Auditing?

Hi all,

continuing the TS subject, I think that someone is having access to one of
my servers thru Terminal Services... anyone know how can I audit these TS
logins?? I looked at the events but didn't find any ip logged.

Thanks

---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
---------------------------------------------------------------------------

---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
---------------------------------------------------------------------------

• Previous message: alexandre: "Terminal Services Auditing?"
• Maybe in reply to: alexandre: "Terminal Services Auditing?"
• Next in thread: Thor: "Re: Terminal Services Auditing?"
• Reply: Thor: "Re: Terminal Services Auditing?"
• Reply: alexandre: "Re: Terminal Services Auditing?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]