Detecting Server Attacks


Detecting server attacks can be a never-ending task of implementing, monitoring, testing, and then reimplementing new or updated methods. Servers, or any computer for that matter, can be attacked in several ways, so relying on a single detection method is impractical. For example, if you install a firewall to protect against external network attacks, the server is still vulnerable to internal network attacks, viruses, application flaws, or even physical theft of the server, to name only a few. You should apply detection and prevention methods to all possible areas that might affect or come into contact with your servers. Table 13-3 lists possible avenues of attack against your server and some basic recommendations to help detect each of them.

Table 13-3. Detecting Attacks

| Attack Type | Recommendation |
|---|---|
| Password guessing | Monitor and review security logs for login attempts. |
| Worms and viruses | Watch for inconsistent or unusual behavior from your server or anti-virus software warnings. |
| Application flaws (buffer overflows) | Be alert to programs crashing. |
| External network attacks | Review firewall Syslog entries or other log files for entries that look like probes or unusual traffic. Lastly, review IDS log files. |
| Internal network attacks | Review internal Event Viewer log files and the IDS Event Viewer for bad signatures. |
| Ping (ICMP) sweeps | Watch for IDS warning messages or monitor network traffic by hand to inspect for ICMP traffic anomalies. |
| Server file system | On Windows NTFS file systems, enable security auditing and monitor access to local files. |
| Physical access to the server room | Monitor maintenance logs and video cameras. |
| Backups | Monitor logs for missing backup tapes. |
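
The password-guessing row of Table 13-3 can be automated. The following is an added example, not code from the book: it scans login records for bursts of failures from one source and separately reports a success that follows such a burst. The log format, the function name, the threshold, and the window are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from a real system): time, outcome, account, source.
SAMPLE_LOG = """\
2005-03-01T09:00:02 FAIL administrator 10.0.0.57
2005-03-01T09:00:05 FAIL administrator 10.0.0.57
2005-03-01T09:00:09 FAIL admin 10.0.0.57
2005-03-01T09:00:12 FAIL administrator 10.0.0.57
2005-03-01T09:00:15 FAIL backup 10.0.0.57
2005-03-01T09:00:21 OK administrator 10.0.0.57
2005-03-01T09:05:00 FAIL jsmith 10.0.0.12
2005-03-01T09:05:20 OK jsmith 10.0.0.12
2005-03-01T11:30:00 FAIL jsmith 10.0.0.12
"""

def detect_password_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for sources with >= threshold failures inside the window.

    A success from a source that is at or over the threshold is reported
    separately, because it suggests a guess worked and the account needs review.
    """
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = set()               # sources already alerted for the current burst
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip blank or malformed lines
        stamp, outcome, account, source = parts
        when = datetime.fromisoformat(stamp)
        fails = recent[source]
        while fails and when - fails[0] > window:
            fails.popleft()       # drop failures that fell out of the window
        if outcome == "FAIL":
            fails.append(when)
            if len(fails) >= threshold and source not in flagged:
                flagged.add(source)
                alerts.append(("guessing", source, account, stamp))
        elif outcome == "OK" and len(fails) >= threshold:
            alerts.append(("success_after_guessing", source, account, stamp))
            fails.clear()
            flagged.discard(source)
    return alerts

if __name__ == "__main__":
    for alert in detect_password_guessing(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from 10.0.0.12 stays below the threshold and raises no alert, which keeps ordinary user error out of the review queue.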


Tip

Microsoft provides several security tools that greatly assist in identifying weak areas within your organization. See http://www.microsoft.com/technet/Security/tools/default.mspx for tools such as the Security Risk Self Assessment tool, which produces a detailed report with recommendations on your overall security environment.




    Penetration Testing and Network Defense
    ISBN: 1587052083
    EAN: 2147483647
    Year: 2005
    Pages: 209
