Photo by Ryoji Iwata on Unsplash

Security risks from insufficient logging and monitoring

Turning a Blind Eye

Article from ADMIN 48/2018
By
Although inadequate logging and monitoring cannot generally be exploited for attacks, it nevertheless significantly affects the level of security.

Whether or not an application or a server logs something is initially of no interest to an attacker; neither is whether or not someone evaluates the logged data. No attack technique allows the server to be compromised because of a lack of logging. Nor is it possible to use missing log monitoring directly for attacks against users. The only attacks seen so far have come directly through the logfiles themselves: If a cross-site scripting (XSS) vulnerability allows JavaScript malware to be injected into logfiles and the administrator evaluates the logfiles with a tool that executes JavaScript, an attack is possible (e.g., by manipulating the web application with the administrator's account or by infecting the computer with malicious code through a drive-by infection).
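The logfile case described above comes down to how the viewing tool renders client-supplied fields. The following is an added example, not code from the article: it contrasts a viewer that concatenates log fields into HTML with one that escapes them on output. The function names and the sample log line are assumptions constructed for illustration.

```javascript
// Added example: rendering untrusted log fields in an HTML log viewer.
// All names (parseAccessLine, renderRowUnsafe, renderRowSafe, renderLog) are hypothetical.

// Constructed sample: a combined-format access log line whose User-Agent
// field carries markup supplied by the client.
const SAMPLE_LINE =
  '203.0.113.7 - - [12/Nov/2018:10:15:32 +0000] "GET /index.html HTTP/1.1" 200 512 ' +
  '"-" "<script>alert(1)</script>"';

// Parse the combined log format into named fields; returns null on mismatch.
function parseAccessLine(line) {
  const re = /^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$/;
  const m = re.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], request: m[3], status: m[4],
           bytes: m[5], referer: m[6], userAgent: m[7] };
}

// HTML-escape the five characters that matter in element and attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Weak viewer: log fields are concatenated into markup as-is, so any tag
// stored in the log becomes live in the administrator's browser.
function renderRowUnsafe(entry) {
  return `<tr><td>${entry.ip}</td><td>${entry.request}</td><td>${entry.userAgent}</td></tr>`;
}

// Hardened viewer: every field is treated as data and escaped on output.
function renderRowSafe(entry) {
  const cells = [entry.ip, entry.request, entry.userAgent].map(escapeHtml);
  return `<tr><td>${cells.join('</td><td>')}</td></tr>`;
}

// Render a whole file; unparseable lines are shown escaped, not dropped,
// so a malformed entry stays visible to whoever reviews the log.
function renderLog(text, renderRow = renderRowSafe) {
  return text.split(/\r?\n/).filter((l) => l.length > 0).map((line) => {
    const entry = parseAccessLine(line);
    return entry ? renderRow(entry) : `<tr><td colspan="3">${escapeHtml(line)}</td></tr>`;
  }).join('\n');
}
```

Escaping at render time leaves the stored log entry unmodified, so the original bytes remain available as evidence.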

Knowing Nothing Is a Weakness

Despite the apparent insignificance of logs in system security, "Insufficient Logging & Monitoring" made it into the Open Web Application Security Project (OWASP) 2017 Top 10 [1] in 10th place, whereas the cross-site request forgery (CSRF) attack, which can cause actual damage, is in 13th place [2]. CSRF attacks got the lower rating because most web applications are now developed using frameworks, and most of them now include CSRF protection. In fact, CSRF vulnerabilities have only been found in about five percent of applications. Another reason for the ranking is that, although insufficient logging and monitoring cannot be exploited directly for attacks, it contributes significantly to attacks going undetected, which plays into the hands of the attackers.

How much does a penetration test show? The pen tester's actions should be logged so extensively that the attack and its consequences can be traced. If this is not the case, you will have a problem

...