INVITATION TO CYBERSECURITY 212

system over the network in real time. This makes it much more difficult for hackers to track down logs and alter them.

The Windows OS provides the Event Viewer to configure log settings and to view logs (see Figure 8.10). Windows classifies logs into three main groups: application, security, and system logs. Application logs record events associated with programs installed on the OS, such as when they are installed, modified, or deleted, and when they are used. Security logs record information related to user accounts such as logins and logouts, file accesses, and other security-related events such as password changes. System logs record actions taken by the OS such as running background processes, and also issues related to the operating system like hardware failures and system shutdowns.

Figure 8.10 Windows Event Viewer security logs.

Logs label events they record with attributes such as timestamp, event ID, and level. The level attribute records the importance of the event. Example levels are information, audit, error, warning, and critical. Items marked critical need to be reviewed. For example, if a user is locked out of his account due to too many failed login attempts, this could be logged as critical because it may be an issue that needs to be fixed or investigated.

In addition to the OS, many applications keep their own logs. These logs can be helpful for diagnosing issues with the application, such as why a user action failed. Applications typically show users a generic error message, but they record the technical details of what went wrong in the logs. Showing a user too much diagnostic information might raise more questions than it answers, and it can also be a security risk because it could reveal sensitive information about the inner workings of the application. If a user encounters an error, systems administrators with proper permissions can review the application logs to diagnose and address the root issue.
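The split described above, a generic message for the user and the technical detail in the application log, shown as an added example that is not from the book. The application name `billing_app`, the functions `load_invoice` and `handle_request`, the host name in the error text, and the sample data are hypothetical, and an in-memory stream stands in for the log file.

```python
import io
import logging
import uuid

# Assumption: an in-memory stream stands in for the application's log file.
log_stream = io.StringIO()
_handler = logging.StreamHandler(log_stream)
# Each entry carries a timestamp and a level, like the attributes described above.
_handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(name)s %(message)s"))
logger = logging.getLogger("billing_app")  # hypothetical application name
logger.setLevel(logging.INFO)
logger.addHandler(_handler)
logger.propagate = False

GENERIC_MESSAGE = "Something went wrong. Please contact support and quote reference {ref}."


def load_invoice(invoice_id, db):
    """Hypothetical operation whose failure message exposes internal details."""
    if invoice_id not in db:
        raise KeyError(f"invoice {invoice_id!r} not found in table invoices on db-host-01")
    return db[invoice_id]


def handle_request(user, invoice_id, db):
    """Return (ok, text shown to the user); diagnostics go only to the log."""
    try:
        invoice = load_invoice(invoice_id, db)
    except Exception:
        # The reference lets an administrator find the matching log entry
        # without the user ever seeing the technical detail.
        ref = uuid.uuid4().hex[:8]
        # logger.exception logs at level ERROR and appends the full traceback.
        # %r escapes newlines so user-supplied input cannot forge a log line.
        logger.exception("ref=%s user=%r action=load_invoice failed", ref, user)
        return False, GENERIC_MESSAGE.format(ref=ref)
    logger.info("user=%r action=load_invoice invoice=%r ok", user, invoice_id)
    return True, f"Invoice total: {invoice}"


if __name__ == "__main__":
    db = {"INV-1": "42.00"}  # constructed sample data
    print(handle_request("alice", "INV-1", db))
    print(handle_request("alice", "INV-9", db))
    print(log_stream.getvalue())
```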
Applications also record information that acts as implicit logging. For example, web browsers record the sites visited, keep local copies of web pages in the cache, and store cookies. This information is not logs per se, but it can be helpful for accounting (i.e., determining who did what when). Similarly, OSs record when a document was created