Additional Information
RFC 2196: Site Security Handbook (http://www.ietf.org/rfc/rfc2196.txt)
RFC 2350: Expectations for Computer Security Incident Response (http://www.ietf.org/rfc/rfc2350.txt)
ISO 17799: Code of Practice for Information Security Management (http://www.iso-17799.com/)
Microsoft Operations Framework (MOF) Resource Library (http://microsoft.com/technet/itsolutions/tandp/opex/mofrl/default.asp)
Forum of Incident Response Security Teams Web site (http://www.first.org)
Steps for Recovering from a UNIX or NT System Compromise white paper from the CERT Coordination Center at Carnegie Mellon University (http://www.cert.org/tech_tips/root_compromise.html)
Microsoft Solution for Securing Windows 2000 Server (http://www.microsoft.com/technet/security/prodtech/Windows/SecWin2k/default.asp)
The Cuckoo s Egg: Tracking a Spy Through the Maze of Computer Espionage (Pocket Books, 2000)
Incident Response: Investigating Computer Crime (Osborne, 2001)
Incident Response: A Strategic Guide to Handling System and Network Security Breaches (New Riders, 2002)
Network Intrusion Detection, Third Edition (New Riders, 2002)
296085: How to Use SQL Server to Analyze Web Logs
313064: Monitor Web Server Performance by Using Counter Logs in System Monitor in IIS
326444: How to Configure the URLScan Tool
300390: How to Enable IIS Logging Site Activity in Windows 2000
The previous four articles can be accessed through the Microsoft Knowledge Base. Go to http://support.microsoft.com and enter the article number in the Search The Knowledge Base text box.