- Certified Ethical Hacker
Watch these Ethical Hacking videos and you’ll understand skills like network sniffing, social engineering, wireless attacks, and more. These ethical hacking tactics teach security techniques through the mind of an attacker.
On the network defense side, the best ways I find to preserve evidence of attack are going to be things like honeypots, firewalls and intrusion detection systems. Why? Because those are all designed, as you heard earlier, to watch for specific patterns in traffic, to watch for attacks, to watch for unauthorized access, and then, the moment they see it, begin preserving evidence and alerting administrators. Whether they’re stopping the attack, or even encouraging the attack to continue, actually depends very heavily on the technique, the software and the systems that you’re using. But, by and large, the best way that administrators can actually defend a network is by detecting the attack and actually preserving evidence for potential later analysis, and possibly for law enforcement reporting.
In addition, you saw the techniques around event log clearing. There are ways through group policy, and a couple of other ways, to actually prevent users from clearing event log entries. Those are important for administrators to remember. It’s actually pretty straightforward and easy as part of group policy and protecting the log collection point.
If an administrator is using log collection as a security evidence collection system, which hopefully is not the case, then you want to consider protecting the log collection point, ensuring that only a small set of very authorized users can clear that log. You want to ensure that they can only do so when the evidence is actually collected and protected for long term.
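The two controls described above (restricting who can clear an event log, and keeping evidence of a clear) can be put into practice on a Windows host with the following script. This is an added example, not code from the course or the instructor: it assumes a domain group named CONTOSO\Log Custodians exists, resolves its SID, applies a channel ACL to the Security log both through the registry value that the "Configure log access" Group Policy setting writes and directly through wevtutil, and then looks for the events that Windows records when a log is cleared.

```powershell
# Added example, not code from the course: restrict who may clear the Security
# log and detect clearing after the fact. Run from an elevated PowerShell.
#
# Assumption (not from the transcript): a domain group CONTOSO\Log Custodians
# exists. Its SID is resolved here so the SDDL below does not embed a name.
$custodianAccount = 'CONTOSO\Log Custodians'   # assumed group name
$ntAccount = New-Object System.Security.Principal.NTAccount($custodianAccount)
$custodianSid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value

# 1. Inspect the current channel ACL. Event log channel rights in SDDL are
#    0x1 = read, 0x2 = write, 0x4 = clear. The Windows default grants
#    Builtin\Administrators (BA) 0x5, i.e. read + clear, which is why any
#    local admin can wipe the Security log by default.
wevtutil gl Security | Select-String 'channelAccess'

# 2. Build a replacement SDDL: SYSTEM keeps its default rights, Administrators
#    drop to read-only, and only the custodian group may read and clear.
$sddl = "O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x1;;;BA)(A;;0x5;;;$custodianSid)"

# This registry value is what the Group Policy setting "Configure log access"
# (Computer Configuration > Administrative Templates > Windows Components >
# Event Log Service > Security) writes. In a domain, set it through a GPO so
# it is enforced and re-applied; writing it locally is the stand-alone form.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security'
New-Item -Path $policyKey -Force | Out-Null
Set-ItemProperty -Path $policyKey -Name 'ChannelAccess' -Value $sddl

# Apply the same ACL to the running Event Log service immediately.
wevtutil sl Security /ca:"$sddl"

# 3. Detection: a cleared log still leaves a trace. Clearing the Security log
#    writes event 1102 (with the clearing account) into the now-empty Security
#    log; clearing any other log writes event 104 into the System log.
function Get-LogClearEvents {
    param([int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)
    $filters = @(
        @{ LogName = 'Security'; Id = 1102; StartTime = $since },
        @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104; StartTime = $since }
    )
    foreach ($filter in $filters) {
        # -ErrorAction SilentlyContinue: Get-WinEvent errors when nothing matches.
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id, MachineName,
                @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } }
    }
}

Get-LogClearEvents -Days 7 | Format-Table -AutoSize
```

The ACL change only limits who can clear the log on that host; it does not stop an attacker who already has SYSTEM. That is why the second half matters: forward events off the host (for example with Windows Event Forwarding to a collector) so that a clear on the endpoint leaves both the 1102/104 record and the pre-clear events on a system the attacker does not control, and apply the same restricted ACL on the collector itself.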