Many network administrators by now have encountered serious Web server intrusions that have resulted in legal action. Often IIS logs are the primary evidence used to track down Web intruders. But what would happen if the credibility of your IIS logs was challenged in court? What if the defense claimed the logs were not reliable enough to be admissible as evidence?

I once investigated a serious intrusion as part of a criminal investigation. An intruder broke into an IIS server, uploaded some tools, and then accessed the company's internal database. We knew approximately when the intrusion occurred, but we did not know which of several hundred Web sites on a dozen servers was compromised.

As I mined through hundreds of log files stored on the Web servers, I came across one log file that had, among the thousands of log entries, a single blank line. I checked the last modified date of that file and found that it had been modified two days after the log file was closed. Hundreds of megabytes of log file evidence suddenly became useless due to a single blank line. Because the log files were stored on the same server that was compromised, the intruder could have easily removed evidence or, worse, replaced it with false evidence pointing to someone else. The modification of one log file is compelling reason to question the validity of every log file on that server.

Proving that your log files are credible requires that you provide convincing arguments that they are trustworthy and therefore valid as evidence. You must take measures to protect the accuracy, authenticity, and accessibility of your IIS log files. Although there are many legal complexities and you should always seek your own legal advice in these cases, below are some tips that should increase the credibility of your IIS logs.

Accuracy means that you can prove that your log file data truly represents the activity on your Web server. Even the smallest inaccuracy can bring into question the validity of the entire set of data. The following steps help ensure that your data is accurate:

Log Everything - Configure your IIS logs to record every available field.
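As an added example (not code from the original article), the following Python function audits a copy of a W3C extended format log for the problems the investigation above turned on: a blank line among the entries, a last-modified time well after the final entry, and a `#Fields` directive that omits fields. The `REQUIRED` baseline, the five-minute slack, the use of the last entry's timestamp as a stand-in for when the log was closed, and the sample log are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed baseline of fields to require; extend to every field your IIS version offers.
REQUIRED = {"date", "time", "c-ip", "cs-username", "s-ip", "s-port", "cs-method",
            "cs-uri-stem", "cs-uri-query", "sc-status", "cs(User-Agent)"}

def audit_w3c_log(text, mtime, slack=timedelta(minutes=5)):
    """Return findings for one W3C extended log; mtime is its last-modified time (UTC)."""
    findings, fields, last_ts = [], [], None
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            findings.append(f"line {n}: blank line")
        elif line.startswith("#Fields:"):
            fields = line.split()[1:]
            missing = sorted(REQUIRED - set(fields))
            if missing:
                findings.append(f"line {n}: fields not logged: {', '.join(missing)}")
        elif not line.startswith("#"):
            values = line.split(" ")
            if len(values) != len(fields):
                findings.append(f"line {n}: {len(values)} values for {len(fields)} fields")
                continue
            row = dict(zip(fields, values))
            try:  # W3C extended log timestamps are UTC
                last_ts = datetime.strptime(f"{row['date']} {row['time']}",
                                            "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
            except (KeyError, ValueError):
                findings.append(f"line {n}: missing or malformed date/time")
    # A file written to well after its last entry was changed after logging stopped.
    if last_ts and mtime - last_ts > slack:
        findings.append(f"file modified {mtime - last_ts} after its last entry")
    return findings

# Constructed sample: reduced field set, one blank line, mtime two days after the last entry.
SAMPLE = (
    "#Software: Microsoft Internet Information Services 6.0\n"
    "#Version: 1.0\n"
    "#Date: 2024-03-01 00:00:12\n"
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status\n"
    "2024-03-01 00:00:12 192.0.2.10 GET /default.htm 200\n"
    "\n"
    "2024-03-01 23:58:40 192.0.2.77 GET /login.asp 200\n"
)
SAMPLE_MTIME = datetime(2024, 3, 3, 23, 58, 40, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("\n".join(audit_w3c_log(SAMPLE, SAMPLE_MTIME)))
```

Run it against copies of the logs with the modification time recorded at collection, since reading the originals in place can itself alter file metadata.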