Perceived Purpose
To understand the importance of Windows logging, and how the maintenance and analysis of log files is one of the most basic functions a network or security administrator performs.
Tools
The tool used is the Windows Event Viewer, a snap-in managed through the Microsoft Management Console (MMC).
Procedure and Results
The Procedure and Results for the MMC lab are recorded on a separate page.
Analysis and Reflection
Maintaining log files is an absolute must for any systems administrator. The type of logging and its frequency depend on factors including:
- The type, and size, of the organization
- The security policies in place at the organization
- The type of server that is being monitored
- The type of users accessing the server (customers, employees, …)
- The level of protection and monitoring needed, on a per file or per directory basis.
Whether the machine runs Windows, UNIX or Linux, its log files can usually tell an administrator exactly what activity occurred on it over a given period, provided auditing was enabled in the first place and the logs were retained long enough to be reviewed.
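The points above (the log must be big enough not to wrap, auditing must actually be on, and the events have to be read and summarised) can all be done from the command line rather than by clicking through Event Viewer. The following is an added example, not part of the lab write-up: it checks the Security log settings, confirms logon auditing, then pulls failed logons (Event ID 4625) from the last 24 hours and groups them by source address. The 512 MB size, the 24-hour window and the threshold of 10 failures are the author's assumptions, not values from the lab.

```powershell
# Added example, not from the original lab. Run in an elevated Windows PowerShell
# session: reading the Security log and changing its size need administrative rights.

# 1. Check the Security log's size and state. The stock 20 MB maximum fills quickly
#    on a busy server and the oldest events are overwritten before anyone reads them.
Get-WinEvent -ListLog Security |
    Select-Object LogName, MaximumSizeInBytes, RecordCount, IsLogFull, LogMode

# Raise the maximum size to 512 MB (value is in bytes; the size itself is an assumption).
wevtutil sl Security /ms:536870912

# 2. Confirm logon auditing is enabled; without it, events 4624/4625 never appear.
auditpol /get /category:"Logon/Logoff"

# 3. Pull failed logons (Event ID 4625) from the last 24 hours (window is an assumption)
#    and parse the XML payload, which is where the useful fields live.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        TargetUser  = $data['TargetUserName']
        Workstation = $data['WorkstationName']
        SourceIP    = $data['IpAddress']
        LogonType   = $data['LogonType']   # 3 = network, 10 = RDP (RemoteInteractive)
        Status      = $data['Status']      # 0xC000006D = bad user name or password
    }
}

# 4. Summarise: any source address with 10 or more failures in a day (threshold is an
#    assumption) is worth a closer look, e.g. a password-guessing attempt.
$rows | Group-Object SourceIP |
    Where-Object { $_.Count -ge 10 } |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'SourceIP'; e = { $_.Name } }, Count
```

The XML parsing step matters because the `Message` property of a 4625 event is localised free text, while the `EventData` fields carry the same values with stable names, which is what you want when the same script is run on many servers.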
Time
50 minutes
Perceived Purpose
To understand how a backdoor works and the methods an attacker can use to control a machine or make use of it for malicious purposes. In almost every backdoor or Trojan attack, the administrator or owner of the machine is unaware of its presence.
A backdoor is any method or program an attacker uses to regain access to a computer at a later time, after initially compromising it. A Trojan is typically a method of delivering a backdoor, not the backdoor itself. Some Trojans are destructive in their own right and carry no backdoor at all.
Tools
For this lab we used NetBus, which is classed as a backdoor program.
Procedure and Results
The Procedure and Results for the NetBus lab are recorded on a separate page.
Analysis and Reflection
As interesting as it is as a lab activity, this is a dangerous and silent attack: within seconds a machine can be exposed and taken over without the owner knowing it. The defender's counter is the same one as in the logging lab, look for what the backdoor cannot hide, namely a listening port owned by an unfamiliar process and an autostart entry that brings it back after a reboot.
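A NetBus-style backdoor has to listen on a port for its client and has to restart with the machine, so both are visible to an administrator who knows to look. The following is an added example, not part of the lab write-up: it lists every listening TCP port with the owning process and image path, flags ports on a small watch list or processes running from outside the Windows directory, then dumps the Run/RunOnce autostart keys. The watch list is constructed by the author; TCP 12345 was NetBus 1.x's well-known default, the other entries are illustrative, and the "outside C:\Windows" rule is a crude heuristic that will flag legitimate third-party services too.

```powershell
# Added example, not from the original lab. Run as an administrator on the host under
# inspection. Assumptions: the port watch list and the path heuristic are the author's own.
$knownBackdoorPorts = @(12345, 12346, 31337)   # constructed watch list; 12345 = NetBus 1.x default

# 1. Every listening TCP port, with the process that owns it and where its image lives.
$listeners = Get-NetTCPConnection -State Listen |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalPort = $_.LocalPort
            PID       = $_.OwningProcess
            Process   = $p.ProcessName
            Path      = $p.Path
            # Flag known backdoor ports, and any listener whose image is not under C:\Windows
            # (heuristic: expect false positives from legitimate third-party services).
            Flagged   = ($_.LocalPort -in $knownBackdoorPorts) -or
                        ($p.Path -and $p.Path -notmatch '^C:\\Windows\\')
        }
    }

$listeners | Sort-Object Flagged -Descending, LocalPort | Format-Table -AutoSize

# 2. Autostart entries: a backdoor that does not survive a reboot is of little use to
#    the attacker, so persistence is usually written here.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        # Drop the provider's PS* bookkeeping properties so only real registry values remain.
        (Get-ItemProperty $key | Select-Object -Property * -ExcludeProperty PS*).PSObject.Properties |
            ForEach-Object {
                [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value }
            }
    }
}
```

Compare the output against a baseline taken from a known-clean build of the same machine; an entry that is present now and absent from the baseline is the lead, regardless of whether its port happens to be on the watch list.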
Time
40 minutes