
Windows tools for investigating an attack

07 Jun 2007 | SearchSecurity.com


by Michael Cobb

This checklist is a companion to the primer, Web site attacks and how to defeat them, part of SearchSecurity.com's Intrusion Defense School lesson, Web attack defense and prevention.

Run event viewer to look at logs:
C:\> eventvwr.msc
Look for suspicious events:
"Event log service was stopped."
"Windows File Protection is not active on this system."
"The MS Telnet Service has started successfully."
Look for a large number of failed logon attempts or locked out accounts.
Look at file shares, and make sure each has a defined business purpose:
C:\> net view \\127.0.0.1
Look at who has an open session with the machine:
C:\> net session
Look at which sessions the machine has opened with other systems:
C:\> net use
Look at NetBIOS over TCP/IP activity:
C:\> nbtstat -S
Look for unusual listening TCP and UDP ports:
C:\> netstat -na
Look for unusual scheduled tasks on the local host, especially those that run as a user in the Administrators group, as SYSTEM, or with a blank user name by running:
C:\> at
Look for new, unexpected accounts in the Administrators group:
C:\> lusrmgr.msc
Look for unusual/unexpected processes:
Run Task Manager
Look for unusual network services:
C:\> net start
Check file space usage to look for sudden major decreases in free space:
C:\> dir
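
For the listening-ports step above, one way to turn saved `netstat -na` output into a list of listeners that are not in a documented baseline. This is an added example, not part of the original checklist; the sample output and the baseline set are constructed for illustration.

```python
import re

# Constructed sample of `netstat -na` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:49211     ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    0.0.0.0:6200           *:*
"""

# Assumed baseline: the ports this server is documented to expose.
BASELINE = {("TCP", 80), ("TCP", 135), ("TCP", 445), ("UDP", 123)}

# proto, local address, local port, foreign address, optional state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listening_endpoints(netstat_text):
    """Return sorted unique (proto, port) pairs that are listening.

    TCP rows count only in the LISTENING state. UDP rows have no state
    column, so every bound UDP socket is treated as a listener.
    """
    found = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, _addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connection, not a listener
        found.add((proto, int(port)))
    return sorted(found)


def unexpected_listeners(netstat_text, baseline):
    """Listeners present in the output but absent from the baseline."""
    return [ep for ep in listening_endpoints(netstat_text) if ep not in baseline]


if __name__ == "__main__":
    for proto, port in unexpected_listeners(SAMPLE_NETSTAT, BASELINE):
        print(f"unexpected listener: {proto}/{port}")
```

Save the output with `netstat -na > netstat.txt` on the host under investigation and pass the file contents in place of `SAMPLE_NETSTAT`.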
