Options

Account logon log vs. Security Log

RoyalTechRoyalTech Member Posts: 94 ■■□□□□□□□□
in Security+
These logs, along with the Account login audit audit, are all mentioned in DG's book. My question is are they all the same thing or are there differences? Is the the account logon simply one of the things that is logged into the security log? They seemed very similar to me if not the same thing. Thanx in advance.
· Share on FacebookShare on Twitter

Comments

  • Options
    DarrilDarril Member Posts: 1,588
    I'm not sure I see what you're seeing. I just did a search of the book looking for Account Logon log but I can't find any instances.

    The Microsoft Security log viewable with Event Viewer does record (or log) account logon events (both success and failures). In other words when someone successfully logs in it can be recorded as a successful logon, and when someone enters the wrong password or the wrong username it can be recorded as a logon failure.

    An audit is something else. An audit would examine logs looking for anomalies.

    Does that help?
    Darril Gibson
    CompTIA A+, Network+, Security+ Blogs
    Daily Network+ and Security+ Test Taking Tips on Twitter
    · Share on FacebookShare on Twitter
  • Options
    RoyalTechRoyalTech Member Posts: 94 ■■□□□□□□□□
    I think I was referring to the section on Account Access Review on pages 119 and 120. I may have confused some of the terms I saw as meaning they were actual logs in the Event Viewer. In the remember this box it does mention account logon events which is why I may have assumed this. It is here that the account login audit is also mentioned. I'm assuming that the account logon events are just events found in the Security log of the Event Viewer.

    On a completely different note, could you or anyone else, give me a way to differentiate between a XSS and a XSRF. I'm having a bit of trouble with the concept of injection attacks in general. I got your practice test book and am getting 100% on pretty much every practice test but I still lack some comprehension on this area in particular. I have looked up the two topics on the web and found plenty of stuff, I just seem to have trouble with the concept. I don't have any experience in programming beyond some very very basic XHTML so that might have something to do with it.
    · Share on FacebookShare on Twitter
  • Options
    DarrilDarril Member Posts: 1,588
    Yes, account logon events are events found in the Security log of the Event Viewer.

    On XSS and CSRF, the short answer is:
    • In XSS, malicious code from a web site is downloaded and run on user's computer.
    • In CSRF, malicious code is run from a user's computer to a trusting web site.
    • -
    • In XSS, client-side code is downloaded from the web site and can take a variety of malicious actions.
    • In CSRF, code is sent from the client computer to a trusting web site and can also take a variety of malicious actions. It is primarily used when the user visits a web site that uses credentials stored in cookies.
    • -
    • XSS exploits the trust of the user's computer with a web site.
    • CSRF exploits the trust that a web site has with a user's computer or web browser.
    This page might be useful: Cross Site Scripting (XSS) vs. Cross Site Request Forgery (CSRF) « Niraj Bhatt – Architect's Blog.

    Someone else may be able to add to this. Both topics have much more depth.

    While typing this I was reminded of when I was studying for an early MCSE cert (many moons ago). SQL and database concepts kept popping up and I just couldn't grasp some of the topics. After completeing the MCSE, I ended up pursuing the SQL Server certifications to get a better grasp on databases but during this process, different programming concepts that were beyond my Pascal and C background from college kept popping up. After getting the SQL Server certifications, I ended up pursuing some .Net certifications filling in some holes with application development. Through it all, I gained a lot of knowledge but sometimes I just needed to push the "I believe" button so that I could finish and move on.

    Why do I say this? Based on your posts, I'm betting you've long been ready to take the Security+ exam. After completing it, and moving onto other studies, you'll probably gain a much deeper understanding of many of these topics.

    That said, I'm wondering if you have a target date in mind?
    Darril Gibson
    CompTIA A+, Network+, Security+ Blogs
    Daily Network+ and Security+ Test Taking Tips on Twitter
    · Share on FacebookShare on Twitter
  • Options
    RoyalTechRoyalTech Member Posts: 94 ■■□□□□□□□□
    Darril,

    That makes me feel pretty good. I have already set the date. I'm taking it on Tuesday the 4th. I just posted in another thread that I hadn't done well on CompTIA's practice exam. I'm very solid with your practice questions though. It just made me a bit nervous. I hope you are right.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.