Re: Auditing / Logging

From: Don Parker (dparker_at_rigelksecurity.com)
Date: 01/12/04

    Date: Mon, 12 Jan 2004 13:17:14 -0500 (EST)
    To: "n30" <n30_lists@hotmail.com>, <security-basics@securityfocus.com>
    
    

    The simplest solution would be to simply log all activity using tcpdump in binary
    format. This decreases the file size, is faster, and allows you to manipulate it after.
    You can also input this binary log into any protocol analyzer afterwards as well, i.e.
    Ethereal, EtherPeek NX and such.

    Doing the above also gives you and your client a copy of exactly what it is you have
    done during your pen test should there be any questions/complaints.

    Cheers

    -------------------------------------------
    Don Parker, GCIA
    Intrusion Detection Specialist
    Rigel Kent Security & Advisory Services Inc
    www.rigelksecurity.com
    ph :613.249.8340
    fax:613.249.8319
    --------------------------------------------

    On Jan 12, "n30" <n30_lists@hotmail.com> wrote:

    Folks,

    What software do you recommend for auditing / logging while performing
    pen-test assessment?

    I am interested in both network and application level logging.

    Thanks
    -N
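
An added example, not part of the original message: a Python sketch that turns a binary tcpdump capture into a record you can file with the engagement notes (file hash, packet count, first and last timestamps). It assumes the classic pcap format that `tcpdump -w` writes, not pcapng; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Classic pcap magic numbers -> timestamp sub-second resolution
PCAP_MAGICS = {0xA1B2C3D4: 1_000_000, 0xA1B23C4D: 1_000_000_000}

def _iso(ts):
    return None if ts is None else datetime.fromtimestamp(ts, timezone.utc).isoformat()

def summarize_pcap(data: bytes) -> dict:
    """Return hash, packet count and time range for a classic pcap file."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in ("<", ">"):  # the writer's byte order is detected from the magic
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in PCAP_MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    frac = PCAP_MAGICS[magic]
    _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    offset, count, cut, first, last = 24, 0, 0, None, None
    while offset + 16 <= len(data):
        sec, sub, incl, orig = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl > len(data):
            break  # capture was interrupted mid-record
        ts = sec + sub / frac
        first = ts if first is None else min(first, ts)
        last = ts if last is None else max(last, ts)
        count += 1
        cut += incl < orig  # packet was shortened by the snap length
        offset += 16 + incl
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # ties the report to this exact file
        "packets": count, "snap_truncated": cut,
        "snaplen": snaplen, "linktype": linktype,
        "first": _iso(first), "last": _iso(last),
        "trailing_bytes": len(data) - offset,  # non-zero means an incomplete last record
    }

def build_sample() -> bytes:
    """Constructed two-packet capture (little-endian, linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    out += struct.pack("<IIII", 1073931434, 0, 4, 4) + b"\x00" * 4
    out += struct.pack("<IIII", 1073931440, 500000, 4, 60) + b"\x00" * 4
    return out

if __name__ == "__main__":
    print(summarize_pcap(build_sample()))
```

A non-zero `snap_truncated` count means some packets were not stored in full, so the capture cannot show their complete payload.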
