Đang chuẩn bị liên kết để tải về tài liệu:
Course 2830: Designing security for Microsoft networks - Module 12

Module 12 - Designing responses to security incidents. The following topics are covered in this module: Introduction to auditing and incident response, designing an audit policy, designing an incident response procedure. After completing this module, students will be able to: Describe auditing and incident response, design an audit policy, design an incident response procedure. | Module 12: Designing Responses to Security Incidents Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response Procedure Lesson: Introduction to Auditing and Incident Response The Auditing Process Why Auditing Is Important What Is an Incident Response Procedure? Why an Incident Response Procedure Is Important The Auditing Process IIS Server Client Internet ISA Server A B Domain Controller As a user logs on to a secure Web site to check the status of an order, the user’s actions are recorded in: ISA Server packet filter logs and firewall logs IIS logs and Event Viewer Domain controller event logs C Why Auditing Is Important Attacker Threat Example External Brute force attack After many failed attempts, an attacker gains access to the network, creates a legitimate user account, and uses it to access information on the network. Internal Misuse of administrator rights A help desk administrator uses administrative rights to change his supervisor’s password to read her e-mail and access personnel records. Internal Attacker External Attacker What Is an Incident Response Procedure? An incident response procedure includes steps for responding to a security incident A procedure specifies items such as: People to contact Actions for limiting the damage from an attack Provisions for investigating the incident Incident Response Procedure Actions Personnel Investigation Why an Incident Response Procedure Is Important Attacker Threat Example External Uncoordinated response A virus over the Internet exploits a known vulnerability on the network. Despite previous attacks, the organization does not identify and respond to the virus until all computers on the network are infected. Internal Failure to maintain the chain of evidence A company suspects that an employee is selling confidential information to a competitor. During the investigation, a routine network update changes files on the suspect’s computer. Internal Attacker . | Module 12: Designing Responses to Security Incidents Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response Procedure Lesson: Introduction to Auditing and Incident Response The Auditing Process Why Auditing Is Important What Is an Incident Response Procedure? Why an Incident Response Procedure Is Important The Auditing Process IIS Server Client Internet ISA Server A B Domain Controller As a user logs on to a secure Web site to check the status of an order, the user’s actions are recorded in: ISA Server packet filter logs and firewall logs IIS logs and Event Viewer Domain controller event logs C Why Auditing Is Important Attacker Threat Example External Brute force attack After many failed attempts, an attacker gains access to the network, creates a legitimate user account, and uses it to access information on the network. Internal Misuse of administrator rights A help desk administrator uses administrative rights to change .