Cover Image

Windows security monitoring : Scenarios and patterns /

Dig deep into the Windows auditing subsystem to monitor for malicious activities and enhance Windows system security. Written by a former Microsoft security program manager, DEFCON 'Forensics CTF' village author and organizer, and CISSP, this book digs deep into the Windows security auditi...

Full description

Bibliographic Details
Main Author: Miroshnikov, Andreĭ (Author)
Format: eBook
Language:English
Published: Indianapolis, IN : John Wiley & Sons Inc , 2018.
Subjects:
Microsoft Windows (Computer file)
Computer security.
Computer networks > Security measures.
Operating systems (Computers)
Computer Security
Online Access:Connect to the full text of this electronic book
Description
Summary:Dig deep into the Windows auditing subsystem to monitor for malicious activities and enhance Windows system security. Written by a former Microsoft security program manager, DEFCON 'Forensics CTF' village author and organizer, and CISSP, this book digs deep into the Windows security auditing subsystem to help you understand the operating system's event logging patterns for operations and changes performed within the system. Expert guidance brings you up to speed on Windows auditing, logging, and event systems to help you exploit the full capabilities of these powerful components. Scenario-based instruction provides clear illustration of how these events unfold in the real world. From security monitoring and event patterns to deep technical details about the Windows auditing subsystem and components, this book provides detailed information on security events generated by the operating system for many common operations such as user account authentication, Active Directory object modifications, local security policy changes, and other activities. This book is based on the author's experience and the results of his research into Microsoft Windows security monitoring and anomaly detection. It presents the most common scenarios people should be aware of to check for any potentially suspicious activity.--
Physical Description:1 online resource (xxxiii, 614 pages : : illustrations.)
Bibliography:Includes bibliographical references and index.
ISBN:9781119390909 (electronic bk.)
1119390907 (electronic bk.)