From the course: Threat Modeling: Repudiation in Depth


Logs

- [Narrator] Logs record what happened, and when, and store it for later analysis. That's way simpler than all that crypto, and sometimes it's enough to meet your needs. So what should you log? There's a model that can help, but it's a bit complex. Ready? Log who, what, why, when, and where. These are not just logs for debugging; they're logs for investigation later, and so what you need are the facts. Just the facts. Log the who. Is this a network connection? Log the IP and the DNS. If it's a local account, log the who, and remember that lots of systems have layers of login. I can run commands as Bob via su and then log into the database as Charlie. To the extent that you can, capture all of those names. Log what they're doing: commands and arguments. Log what choices you make and why. "Logged and denied" versus "logged and denied for bad IP address." Also, log the weird. Anytime you come to the end of a switch or case…
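The following is an added example, not code from the course or its author, showing one way to turn the who/what/why/when/where model above into a concrete audit record. It assumes a small authorization check in front of a database-style service: the allowlist, the known actions, the host name, the field names of the record and the sample request are all constructed for the example. The "why" field carries the specific reason for a decision (not just "denied"), the "who" field keeps every identity in the login chain rather than only the last one, and the fall-through branch at the end of the decision ladder writes a record of its own so that the unexpected case is logged rather than silently dropped.

```python
"""Audit records that capture who, what, why, when and where (added example)."""
import json
from datetime import datetime, timezone

# Constructed sample policy for this example; a real service would load its own.
ALLOWED_SOURCE_PREFIXES = ("10.0.", "192.168.1.")
KNOWN_ACTIONS = {"read", "write", "delete"}
HOST = "app-01.example.internal"  # assumed host name for the "where" field


def audit_record(*, remote_ip, remote_dns, login_chain, action, args,
                 decision, reason, host, component, when=None):
    """Build one investigation-grade record.

    who:   remote IP, its DNS name (if already resolved by the caller, since a
           lookup at log time can block or fail), and every identity in the
           login chain, outermost first (e.g. ssh user -> su target -> DB role)
    what:  the action and its arguments, verbatim
    why:   the decision and the specific reason it was reached
    when:  UTC timestamp with explicit timezone
    where: the host and component that made the decision
    """
    when = when or datetime.now(timezone.utc)
    return {
        "when": when.isoformat(),
        "where": {"host": host, "component": component},
        "who": {"remote_ip": remote_ip,
                "remote_dns": remote_dns,
                "login_chain": list(login_chain)},
        "what": {"action": action, "args": list(args)},
        "why": {"decision": decision, "reason": reason},
    }


def emit(record, sink):
    """Append one JSON line to the sink (a list here; a file or syslog in practice)."""
    line = json.dumps(record, sort_keys=True)
    sink.append(line)
    return line


def handle_request(req, sink, now=None):
    """Authorize a constructed request, log the decision with its reason,
    and return the record that was written.

    `req` is a dict with remote_ip, remote_dns, login_chain, action, args.
    """
    common = dict(remote_ip=req["remote_ip"],
                  remote_dns=req.get("remote_dns"),
                  login_chain=req["login_chain"],
                  action=req["action"],
                  args=req.get("args", []),
                  host=HOST, component="authz", when=now)

    # Each branch records a distinct reason, so an investigator can tell
    # "denied for bad IP" from "denied for missing role" without guessing.
    if not req["remote_ip"].startswith(ALLOWED_SOURCE_PREFIXES):
        decision, reason = "denied", "source IP not in allowlist"
    elif req["action"] == "delete" and "dba" not in req["login_chain"]:
        decision, reason = "denied", "delete requires the dba role in the login chain"
    elif req["action"] in KNOWN_ACTIONS:
        decision, reason = "allowed", "known action from allowed source"
    else:
        # "Log the weird": the end of the case ladder that nobody expects to reach.
        decision, reason = "denied", "unexpected action value: %r" % (req["action"],)

    record = audit_record(decision=decision, reason=reason, **common)
    emit(record, sink)
    return record


if __name__ == "__main__":
    lines = []
    # Constructed sample: an outside address, a three-layer login chain.
    sample = {"remote_ip": "203.0.113.7", "remote_dns": "host.example.net",
              "login_chain": ["alice", "bob", "charlie"],
              "action": "read", "args": ["/etc/shadow"]}
    handle_request(sample, lines)
    print("\n".join(lines))
```

Each emitted line is a single JSON object, which keeps the record machine-parseable and lets a later investigation filter on any of the five fields (for example, every "denied" record with the same remote_ip, or every login chain that passed through a given account).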
