ORD Discussion Schedule

4 March 1997

Stolen Computer
Admin support
Graduate students (Spring Qtr)
History Project

stuff of interest w/ comments (working document)

The Insider Problem
Due to limited events in NT Auditing, detection of misuse of authority may require additional information; (eg type of data available in fraud detection)
Sources of examples of misuse

categorized audit data

NT Auditing

  • Event list
  • Audit API and audit log abstractions
  • Disabling NT audit
  • Lunch-Dos Coyotes or Pub

    Macro Virsus in the Large

    Technical Exchange Meeting after-hours @ Sudwerks