Penetration Testing and Network Defense

 < Day Day Up > 

Detecting server attacks can be a never-ending task of implementation, monitoring, testing, and then reimplementing new or updated methods. Servers, or any computer for that matter, can be attacked in several ways, and implementing a single detection method is impractical. For example, if you install a firewall to protect against external network attacks, the server is still vulnerable to internal network attacks, viruses, application flaws, or even physical theft of the server to name only a few. You should apply detection and prevention methods to all possible areas that might affect or come into contact with your servers. Table 13-3 displays possible attack avenues to your server and some basic recommendations to help detect such attacks against them.

Table 13-3. Detecting Attacks

Attack Type

Recommendation

Password guessing

Monitor and review security logs for login attempts.

Worms and viruses

Watch for inconsistent or unusual behavior from your server or anti-virus software warnings.

Application flaws (buffer overflows)

Be alert to programs crashing.

External network attacks

Review firewall Syslog entries or other log files for entries that look like probes or unusual traffic. Lastly, review IDS log files.

Internal network attacks

Review internal Event Viewer log files and the IDS Event Viewer for bad signatures.

Ping (ICMP) sweeps

Watch for IDS warning messages or monitor network traffic by hand to inspect for ICMP traffic anomalies.

Server file system

On Windows NTFS file systems, enable security auditing and monitor access to local files.

Physical access to the server room

Monitor maintenance logs and video cameras.

Backups

Monitor logs for missing backup tapes.

Tip

Microsoft contains several security tools that greatly assist in identifying weak areas within your organization. See http://www.microsoft.com/technet/Security/tools/default.mspx for tools such as Security Risk Self Assessment tool, which produces a detailed report with recommendations on your overall security environment.

     < Day Day Up > 
    Related

    Категории