Monterey Technology Group announces New "Security Log Secrets" Seminar by Windows Security Expert Randy Franklin Smith.
Effectively monitoring security activity on Windows networks is more crucial than ever given the current focus on IT security and related legislation like Sarbanes-Oxley and HIPAA. However, monitoring Microsoft Windows systems is a nightmare because of hundreds of cryptic, undocumented codes, lack of tools and the proliferation of Windows systems on the typical network. In "Security Log Secrets", Windows security expert and well-known writer on Windows security, Randy Franklin Smith, shares his experience with professionals, revealing how to read the security log, exploit its value and implement effective monitoring to reduce security risks and comply with legislative requirements.
July 26, 2004 -- For the first time, Windows IT professionals have an opportunity to fully leverage Windows' cryptic security log for monitoring, intrusion detection and computer forensics purposes.
"The Windows security log is extremely important to monitoring all aspects of Windows security, but it's safe to say the Windows security log is also the most poorly documented area of Windows 2000 and Windows Server 2003," says Randy Franklin Smith, CEO of Monterey Technology Group and creator of the Security Log Secrets course. "For most events, Microsoft's documentation simply restates the static text of the event's description. While some information does exist, it's riddled with inaccuracies. Most important, there is insufficient guidance and very little background information for individual events, nor are events described in context with other events. There are no suggested courses of action."
"In addition to poor event documentation," Mr. Smith continued, "security log event IDs and codes vary from one Windows version to the next making security log knowledge even more arcane. This complicates the design of programs that monitor the security log."
Mr. Smith began researching the Windows security log in 1998 for a client project. Since then he has provided design consultation to developers of event log monitoring products and written over a dozen articles on the subject, several of which now reside on Microsoft's TechNet website. "Due to the lack of accurate documentation, I've reverse engineered every event ID in the security log along with the codes and other detailed fields within each event. Along the way I've developed an understanding of events in relation to each other and been able to link user and administrator level actions with patterns of events. The security log tells a lot of stories if you know how to read the tea leaves," said Mr. Smith.
Because of constant interest from readers, Mr. Smith decided to create the Security Log Secrets course (http://www.ultimatewindowssecurity.com) as an in-person venue for sharing the results of years of research and helping attendees implement effective monitoring and intrusion detection. Security Log Secrets is an intensive 2-day course that covers all 9 audit categories of Windows Server 2003 and illuminates the subtle, yet critical, differences between 2003, 2000 and XP security events. "One of the most challenging factors in effectively monitoring Windows is the fact that each system has its own security log containing its discrete portion of your network's overall security activity," commented Mr. Smith. Security Log Secrets provides techniques for automating the process of merging, monitoring and analyzing the many security logs in a Windows network. In addition to knowledge, attendees come away with the Security Log Secrets Tool Kit CD full of scripts and free tools.
The 2-day Security Log Secrets course is provided through Monterey Technology Group, Inc. and taught exclusively by Randy Franklin Smith. The course is available publicly or on-site.
About Monterey Technology Group, Inc.
Monterey Technology Group, Inc. was founded in 1997 by Randy Franklin Smith. The company provides IT security consulting for Windows Server 2003 and Active Directory technologies. Mr. Smith has been contributing technical articles to industry magazines and professionals since 1996. He is a contributing editor at Windows & .NET Magazine and the technical editor for Security Administrator where he writes the "Access Denied" column.
CONTACT INFORMATION:
Randy Franklin Smith
Monterey Technology Group, Inc.
864-587-9720
http://www.ultimatewindowssecurity.com
# # #
This article courtesy of http://www.pdqsecurity.com.
You may freely reprint this article on your website or in
your newsletter provided this courtesy notice and the author
name and URL remain intact.