Table of Contents for Windows Security Monitoring
by Andrei Miroshnikov
Cover
Title Page
Introduction
Who This Book Is For
What This Book Covers
How This Book Is Structured
What You Need to Use This Book
Conventions
What's on the Website
Part I: Introduction to Windows Security Monitoring
CHAPTER 1: Windows Security Logging and Monitoring Policy
Security Logging
Security Monitoring
Part II: Windows Auditing Subsystem
CHAPTER 2: Auditing Subsystem Architecture
Legacy Auditing Settings
Advanced Auditing Settings
Windows Auditing Group Policy Settings
Windows Auditing Architecture
Security Event Structure
CHAPTER 3: Auditing Subcategories and Recommendations
Account Logon
Account Management
Detailed Tracking
DS Access
Logon and Logoff
Object Access
Policy Change
Privilege Use
System
Part III: Security Monitoring Scenarios
CHAPTER 4: Account Logon
Interactive Logon
RemoteInteractive Logon
Network Logon
Batch and Service Logon
NetworkCleartext Logon
NewCredentials Logon
Account Logoff and Session Disconnect
Special Groups
Anonymous Logon
CHAPTER 5: Local User Accounts
Built-in Local User Accounts
Built-in Local User Accounts Monitoring Scenarios
Local User Account Password Modification
Local User Account Enabled/Disabled
Local User Account Lockout Events
Local User Account Change Events
CHAPTER 6: Local Security Groups
Built-in Local Security Groups
Built-in Local Security Groups Monitoring Scenarios
CHAPTER 7: Microsoft Active Directory
Active Directory Built-in Security Groups
Built-in Active Directory Accounts
Active Directory Accounts Operations
Active Directory Group Operations
Active Directory Trust Operations
Domain Policy Changes
Account Password Migration
CHAPTER 8: Active Directory Objects
Active Directory Object SACL
Active Directory Object Change Auditing
Active Directory Object Operation Attempts
Active Directory Objects Auditing Examples
CHAPTER 9: Authentication Protocols
NTLM-family Protocols
Kerberos
CHAPTER 10: Operating System Events
System Startup/Shutdown
System Time Changes
System Services Operations
Security Event Log Operations
Changes in Auditing Subsystem Settings
Per-User Auditing Operations
Scheduled Tasks
Boot Configuration Data Changes
CHAPTER 11: Logon Rights and User Privileges
Logon Rights
User Privileges
User Privileges Policy Modification
Special User Privileges Assigned at Logon Time
Logon Session User Privileges Operations
Backup and Restore Privilege Use Auditing
CHAPTER 12: Windows Applications
New Application Installation
Application Execution and Termination
Application Crash Monitoring
Windows AppLocker Auditing
Process Permissions and LSASS.exe Access Auditing
CHAPTER 13: Filesystem and Removable Storage
Windows Filesystem
File and Folder Operations
Removable Storage
Global Object Access Auditing: Filesystem
File System Object Integrity Levels
Monitoring Recommendations
CHAPTER 14: Windows Registry
Windows Registry Basics
Registry Operations Auditing
Global Object Access Auditing: Registry
Registry Key Integrity Levels
Monitoring Recommendations
CHAPTER 15: Network File Shares and Named Pipes
Network File Shares
Named Pipes
APPENDIX A: Kerberos AS_REQ, TGS_REQ, and AP_REQ Messages Ticket Options
APPENDIX B: Kerberos AS_REQ, TGS_REQ, and AP_REQ Messages Result Codes
APPENDIX C: SDDL Access Rights
Object-Specific Access Rights
End User License Agreement
Windows® Security Monitoring
Scenarios and Patterns
Andrei Miroshnikov