Intrusion Discovery Cheat Sheet V2.0 Windows Xp Pro / 2003 Server / Vista

ADVERTISEMENT

Intrusion Discovery
Unusual Log Entries
Cheat Sheet v2.0
Check your logs for suspicious events, such as:
Windows XP Pro /
Additional Supporting Tools
“Event log service was stopped.”
2003 Server / Vista
The following tools are not built into Windows
POCKET REFERENCE GUIDE
SANS Institute
operating system but can be used to analyze security
“Windows File Protection is not active on this
and
issues in more detail. Each is available for free
system.”
Download the latest version of this sheet from
download at the listed web site.
"The protected System file [file name] was
Purpose
DISCLAIMER: The SANS Institute is not
not restored to its original, valid version
System Administrators are often on the front
responsible for creating, distributing,
because the Windows File Protection..."
lines of computer security. This guide aims
warranting, or supporting any of the following
to support System Administrators in finding
tools.
“The MS Telnet Service has started
indications of a system compromise.
successfully.”
Tools for mapping listening TCP/UDP ports to the
program listening on those ports:
Look for large number of failed logon
How To Use This Sheet
attempts or locked out accounts.
On a periodic basis (daily, weekly, or each time you
Fport – command-line tool at
logon to a system you manage,) run through these
To do this using the GUI, run the Windows event
quick steps to look for anomalous behavior that
viewer:
might be caused by a computer intrusion. Each of
TCPView – GUI tool at
C:\> eventvwr.msc
these commands runs locally on a system.
This sheet is split into these sections:
Using the command prompt:
Unusual Processes and Services
Unusual Files and Reg Keys
C:\> eventquery.vbs | more
Additional Process Analysis Tools:
Unusual Network Usage
Process Explorer – GUI tool at
Or, to focus on a particular event log:
Unusual Scheduled Tasks
Unusual Accounts
C:\> eventquery.vbs /L security
TaskMan+ -- GUI tool at
Unusual Log Entries
Other Unusual Items
Other Unusual Items
Additional Supporting Tools
The Center for Internet Security has released various
Look for unusually sluggish performance and a
Windows security templates and security scoring
If you spot anomalous behavior: DO NOT PANIC!
single unusual process hogging the CPU: Task
tools for free at
Your system may or may not have come under
Manager  Process and Performance tabs
attack. Please contact the Incident Handling Team
immediately to report the activities and get further
Look for unusual system crashes, beyond the normal
assistance.
level for the given system.

ADVERTISEMENT

00 votes

Related Articles

Top 20 Happy Easter Cards And Gift Tags To Download For Free
Top Ten Easter Arts And Crafts Activities For Your Kids
Free Easter Coloring Pages And Easter Printables For Your Kids

Related forms

Intrusion Discovery Cheat Sheet V2.0 Windows Xp Pro / 2003 Server / Vista Intrusion Discovery Cheat Sheet V2.0 Windows Xp Pro / 2003 Server / Vista Education
Linux Cheat Sheet- Cygwin On Windows Commands Linux Cheat Sheet- Cygwin On Windows Commands Education
Scala Cheat Sheet V.0.1 Scala Cheat Sheet V.0.1 Education
Jquery 1.2 Cheat Sheet V1.0 Jquery 1.2 Cheat Sheet V1.0 Education
Nmap Cheat Sheet V1.0 Nmap Cheat Sheet V1.0 Education
.htaccess Cheat Sheet V1.0 .htaccess Cheat Sheet V1.0 Education
Windows Excel Keyboard Shortcuts Cheat Sheet Windows Excel Keyboard Shortcuts Cheat Sheet Education
Windows 8 Cheat Sheet Windows 8 Cheat Sheet Education
Windows 8 Cheat Sheet Windows 8 Cheat Sheet Education
Cheat Sheet - Subnetting Cheat Sheet - Subnetting Education

Related Categories

Parent category: Education
Download
Go
Page of 2