ANALYSIS AND MAPPING OF LOG ERRORS IN ACTIVE DIRECTORY IN A REAL PRODUCTION ENVIRONMENT: A CASE STUDY IN COMPANY ALFA

Authors

DOI:

https://doi.org/10.61164/rmnm.v12i1.4231

Keywords:

Microsoft Windows, Active Directory, Event logs, Corporate environment

Abstract

In corporate networks, Active Directory (AD) is one of the main tools for managing, centralizing, and authenticating user and service access. In this context, mapping the main errors related to AD is essential to prevent future failures. This article presents a case study at Alfa Company, which has 4,000 users in AD, based on the analysis of logs collected between January 2022 and December 2023. The 10 most frequent errors were identified and classified into two categories: Application Logs and System Logs. Each error was mapped, categorized, and represented by graphs and tables, considering type, class, frequency, affected user profile, and possible solutions. The results demonstrate that the systematization of errors contributed significantly to identifying recurring failures, assessing impacts on the corporate environment, and developing practical and effective solutions.

Published

2025-06-30

How to cite

ANALYSIS AND MAPPING OF LOG ERRORS IN ACTIVE DIRECTORY IN A REAL PRODUCTION ENVIRONMENT: A CASE STUDY IN COMPANY ALFA. (2025). Revista Multidisciplinar Do Nordeste Mineiro, 12(1), 1-26. https://doi.org/10.61164/rmnm.v12i1.4231