It doesn't log the source IP for each connection. Mark Burnett wrote a good article about supplementing this shortcoming using a tool called Zebedee. You can find the article on SecurityFocus.com.
Apparently this is not available functionality in Win2003 TS either. I haven't tested this yet.
Erik
---------------------------------------
(Msg from BlackBerry Wireless Handheld)
---------------------------------------
Erik Pace Birkholz - CISSP, MCSE
Foundstone, Inc.
Strategic Security
Read Special Ops and mount an assault to eradicate network negligence today. www.SpecialOpsSeries.com
-----Original Message-----
From: alexandre <alexandre (at) secrel.net (dot) br>
To: focus-ms (at) securityfocus (dot) com <focus-ms (at) securityfocus (dot) com>
Sent: Fri Oct 24 10:05:19 2003
Subject: Terminal Services Auditing?
Hi all,
Continuing the TS subject, I think that someone is having access to one of
my servers through Terminal Services... Does anyone know how I can audit these TS
logins? I looked at the events but didn't find any IP logged.
Thanks