Full Version: Admins
I want to learn some more about how good admins work with tracing a hacker... I mean, which programs they use, which logs they check, which basics there are...
Would be really helpful for me! Thanks in advance
Well, if a Windows 2003 Server is installed, the administrators will always check their System Logs. The Microsoft Management Console (MMC) will also be used for checking some dictionary logs.
You could use some programs for checking your bandwidth use, the number of ports that are open, and incoming and outgoing traffic. If you want to protect yourself against the newest exploits then it would always be handy to do as many updates as you can. Also have a virus scanner and spam killer installed. If you want to do it really well you could put some hardware firewalls in the system and use Web & Mail Sweep for checking all the incoming and outgoing traffic. Well, hope some guys know some nice program titles. I don't :S Sorry
TrafMeter is a cool program to check the traffic, I use it sometimes: http://www.lastbit.com/trafmeter/default.asp
Also, if this server has Terminal Service, I recommend that an admin look in the users database to see which users exist: right-click on "My Computer", "Manage", "Local Users and Groups"... make sure the guest is disabled and only the users who are admins have the "administrator" flag.
Some clients I work with place sniffers in front of all mission critical devices. This way a traffic recording may be available at all times for forensic work even if the criminal destroys the logs on the compromised device.
Must give some overhead.
While on the topic, I was just wondering what I could put into a batch file to delete all logs of things... not just like "del c:\*.log /s"... something like the AV and firewall killer batch files.
Anyone have a list of lognames? E.g. del c:\*.log /s del systemlog.txt del netlog.txt /s and so on...
I don't know any more, but I do use this: http://ntsecurity.nu/toolbox/clearlogs/ It clears the Windows log files from a PC.
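From the admin's side of the question that opened the thread: clearing a Windows log writes its own record (event 517 in the Security log on Server 2003, 1102 and 104 on later versions), and a sniffer capture like the one described above shows what the cleared log no longer does. The sketch below is an added example, not part of the thread; the CSV layouts, column names and sample rows are constructed assumptions.

```python
import csv, io
from datetime import datetime

# (log, event ID) pairs that Windows writes when a log is cleared:
#   Security/517  - Windows 2000/XP/Server 2003
#   Security/1102 - Vista / Server 2008 and later
#   System/104    - Vista / Server 2008 and later
CLEAR_IDS = {("Security", 517), ("Security", 1102), ("System", 104)}

# Constructed sample: host events exported to CSV (layout is an assumption).
HOST_EVENTS = """time,log,event_id,detail
2004-03-02T03:14:50,Security,517,audit log cleared
2004-03-02T03:20:11,Security,528,logon user=backup src=10.0.0.5
2004-03-02T08:01:40,Security,528,logon user=admin src=10.0.0.9
"""

# Constructed sample: inbound sessions summarised from the sniffer capture.
SNIFFER_SESSIONS = """time,src,dst_port
2004-03-02T02:47:03,203.0.113.77,3389
2004-03-02T03:20:09,10.0.0.5,3389
2004-03-02T08:01:38,10.0.0.9,3389
"""

def load(text):
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["time"] = datetime.fromisoformat(r["time"])
    return rows

def log_clears(events):
    """Events that record a log being wiped."""
    return [e for e in events if (e["log"], int(e["event_id"])) in CLEAR_IDS]

def unlogged_sessions(sessions, events, slack_s=5):
    """Sessions the sniffer saw that have no host event from the same source nearby in time."""
    def matches(s, e):
        same_src = ("src=" + s["src"]) in e["detail"].split()
        return same_src and abs((e["time"] - s["time"]).total_seconds()) <= slack_s
    return [s for s in sessions if not any(matches(s, e) for e in events)]

def report(host_csv, sniffer_csv):
    events, sessions = load(host_csv), load(sniffer_csv)
    clears = log_clears(events)
    # Unlogged sessions that predate a clear are the ones the clear most likely erased.
    erased = [s for s in unlogged_sessions(sessions, events)
              if any(s["time"] < c["time"] for c in clears)]
    return clears, erased

if __name__ == "__main__":
    clears, erased = report(HOST_EVENTS, SNIFFER_SESSIONS)
    for c in clears:
        print("log cleared:", c["log"], c["event_id"], c["time"])
    for s in erased:
        print("seen on the wire, missing from host log:", s["time"], s["src"], s["dst_port"])
```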