TrainSignal
Blog

Where IT pros go for news, tips, certification info, videos and more.

TrainSignal Free Trial

Ethical Hacking: Techniques to Preserve Evidence of an Attack

Topics Mentioned
Certification(s):

Watch these Ethical Hacking videos, and you’ll understand skills like network sniffing, social engineering, wireless attacks, and more. With these tactics of ethical hacking you’ll learn security techniques through the mind of an attacker.

Transcription

On the network defense side, the best ways I find to preserve evidence of attack are going to be things like honeypots, firewalls and intrusion detection systems. Why? Because those are all designed, as you heard earlier, to watch for specific patterns in traffic, to watch for attacks, to watch for unauthorized access, and then the moment they see it, begin preserving evidence and alerting administrators. Whether they’re stopping the attack, or even encouraging the attack to continue, actually depends very heavily on the technique and the software that you’re using and the systems that you’re using. But, by and large, the best ways that administrators can actually defend against a network is by detecting the attack and actually preserving evidence for potential later analysis, and possibly for law enforcement reporting.

Group Policy

In addition, you saw the techniques around event log clearing. There are ways through group policy, and a couple of other ways, to actually prevent users from clearing event log entries. Those are important for administrators to remember. It’s actually pretty straightforward and easy as part of group policy and protecting the log collection point.

Log Collection

If an administrator is using log collection as a security evidence collection system, which hopefully is not the case, then you want to consider protecting the log collection point, ensuring that only a small set of very authorized users can clear that log. You want to ensure that they can only do so when the evidence is actually collected and protected for long term.

More Related Posts

  1. Cisco IOS Access Control Lists (ACLs)
  2. 4 Improved Security Features in Windows Server 2008
  3. FireSheep: How to Protect Yourself when using Public WiFi
  4. Top 10 Free ITIL® v3 Ebooks, Blogs and Online Resources
  5. Windows 7 Security Tips

About the Author

has worked in the IT field for more than 20 years. He is an award-winning author, public speaker, and instructor on a variety of technology topics including security, virtualization, cloud computing, wireless and wired networking, and IT lifecycle processes. His operations experience includes managing the Xbox LIVE operations team, the largest cloud computing operations team in the world, and consulting on operations efficiency with countless clients around the world. Mike has published several books (including two for O’Reilly) and numerous papers. He is a frequent conference speaker and classroom instructor on IT operations, computer security, and technology frameworks. Mike holds a number of certifications and accreditations including Certified Information Systems Security Professional (CISSP) practitioner and instructor.

Author's Website: http://www.nextdirectiontech.com/

Discussion

About Us

TrainSignal is a fun, profitable and high growth company founded in 2002 that produces premium quality computer training videos with a focus on making learning more fun and more effective. Our training is very comprehensive and designed to give our customers in-depth knowledge, build hands-on skills and promote career advancement.

Our Training Products

Connect With Us

Copyright © 2002-2013 TrainSignal, Inc. All Rights Reserved. All logos and trademarks are property of their respective owners.