NT Security Log Monitoring

When monitoring NT servers and your network, security violations are among the most significant events: they need to be identified promptly and the appropriate personnel notified.

Through its event log filtering, TOPPER can monitor the NT Security event log and then display and alarm on problems in order to alert the appropriate staff in a timely manner. TOPPER can catch and alarm on these events while they are in progress and send out pages, email notifications, and/or SNMP traps immediately.

The NT security log is the final layer of defense in your security strategy. It can record which programs your users run, which objects they access, and how they access them. Getting at the valuable information in the log can be difficult, however, even with many of the NT security tools on the market. With TOPPER's ability to filter the NT event logs, access to the security log is simplified and the appropriate staff can be advised as soon as a questionable situation arises.

There are several categories of security events. The table below lists them, together with the threat that monitoring each category can detect:

Audit Event                                                                                                  | Threat it Could Detect
------------------------------------------------------------------------------------------------------------ | -------------------------------------------
Auditing logon/logoff failures                                                                               | Random Password Hack
Auditing logon/logoff successes                                                                              | Stolen User Credentials
Auditing successful events such as changes to users and groups, system restarts and shutdowns, and other system events | Misuse of user rights
Auditing file-access or object-access failures and successes for specific files or objects                   | Incorrect permissions set on sensitive files
Auditing printer-access successes and failures                                                               | Incorrect printer permissions
Auditing successful and unsuccessful attempts to write program files (i.e. .exe, .com, .sys, .vbs and .dll)   | Virus attack

By default, NT does not audit security events, so auditing must be enabled before the security log can be monitored by TOPPER. When enabling auditing, you choose which categories of events to audit and, for each, whether to record successes, failures, or both.
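The first two rows of the table above, a burst of logon failures followed by a success, are the kind of pattern an event log filter is built to catch. The following is an added example of that detection logic, not TOPPER's own code: it assumes NT 4.0 Security log event IDs 528 (successful logon) and 529 (failed logon) and runs over a handful of constructed sample records rather than a real log.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# NT 4.0 Security log event IDs (assumed for this example).
LOGON_SUCCESS = 528
LOGON_FAILURE = 529

# Constructed sample records, not real log data:
# (timestamp, event id, account, workstation)
SAMPLE_EVENTS = [
    ("1999-03-02 08:00:01", 529, "jsmith", "WS07"),
    ("1999-03-02 08:00:03", 529, "jsmith", "WS07"),
    ("1999-03-02 08:00:05", 529, "jsmith", "WS07"),
    ("1999-03-02 08:00:07", 529, "jsmith", "WS07"),
    ("1999-03-02 08:00:09", 529, "jsmith", "WS07"),
    ("1999-03-02 08:00:12", 528, "jsmith", "WS07"),
    ("1999-03-02 08:05:00", 529, "mjones", "WS12"),
    ("1999-03-02 08:30:00", 528, "mjones", "WS12"),
]

def parse(records):
    """Turn raw (text timestamp, id, account, workstation) tuples into datetimes."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), eid, acct, ws)
            for ts, eid, acct, ws in records]

def find_password_guessing(events, threshold=5, window=timedelta(minutes=2)):
    """Accounts with at least `threshold` logon failures inside a sliding window."""
    failures = defaultdict(list)
    alarms = set()
    for ts, eid, acct, _ws in events:
        if eid != LOGON_FAILURE:
            continue
        # Keep only failures still inside the window, then add this one.
        failures[acct] = [t for t in failures[acct] if ts - t <= window] + [ts]
        if len(failures[acct]) >= threshold:
            alarms.add(acct)
    return alarms

def find_success_after_failures(events, min_failures=3, window=timedelta(minutes=2)):
    """(account, workstation) pairs that logged on successfully right after a burst
    of failures: a guessed or stolen password rather than a mistyped one."""
    failures = defaultdict(list)
    alarms = set()
    for ts, eid, acct, ws in events:
        if eid == LOGON_FAILURE:
            failures[acct].append(ts)
        elif eid == LOGON_SUCCESS:
            recent = [t for t in failures[acct] if ts - t <= window]
            if len(recent) >= min_failures:
                alarms.add((acct, ws))
    return alarms
```

On the sample data, jsmith is reported by both checks while mjones, with a single failure and a successful logon 25 minutes later, is not.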