Monitoring Reporting 6192021 Planning a Monitoring and Reporting
- Slides: 12
Monitoring- Reporting ¡ ¡ 6/19/2021 Planning a Monitoring and Reporting Strategy Intrusion Detection System Monitoring ISA Server Activity Demo Configuration Faculty : Trần Thị Ngọc Hoa 1
Monitoring and Reporting Strategy Design a plan for archiving the logs Create a schedule for regular review of the logs Create a strategy for how to respond to critical events Document your strategy Determine the information that is the most critical Categorize the information that you need to collect 6/19/2021 Faculty : Trần Thị Ngọc Hoa 2
Intrusion Detection System ¡ ¡ ¡ 6/19/2021 ISA Server software’s feature When the IDS dectects an attack or a specific system event An alert can be triggered Send email to the administrator Stop the Firewall service Write to the system event log Run a program or a script Implementation : l Packet level l Application level Faculty : Trần Thị Ngọc Hoa 3
IP Packet–Level Attacks ea d f o Ping All port s scan ck a t t a h t IP half scan UDP bomb attac k Windows out-of-band attack 6/19/2021 Faculty : Trần Thị Ngọc Hoa k c a t t a d Lan 4
Application–Level Attacks DNS Hostname Overflow DNS Length Overflow POP buffer overflow DNS zone transfer from high ports (above 1024) DNS zone transfer from privileged ports (1– 1024) 6/19/2021 Faculty : Trần Thị Ngọc Hoa 5
ISA Server Events ¡ What is an event ? l Conditions that ISA can detect during it’s operation An intrusion attempt ¡ A problem with a service running on an ISA computer ¡ A communication failure ¡ ¡ 6/19/2021 When ISA detects an event it will trigger an alert – an action of ISA Faculty : Trần Thị Ngọc Hoa 6
6/19/2021 Faculty : Trần Thị Ngọc Hoa 7
ISA Server Alerts ¡ ¡ ¡ Service of ISA Monitoring events then performs an action if the specific event occurs Action : l l l 6/19/2021 Send email notification Run a program : scan the log files, then block the connections from intruders Start or stop a service Faculty : Trần Thị Ngọc Hoa 8
Monitoring ISA Server Activity ¡ ¡ By Logging Purpose : l ¡ Packet filter logs : l ¡ record attempts to communicate by using the Firewall service Web Proxy service logs : l 6/19/2021 record attempts to pass packets through ISA server Firewall service logs : l ¡ Analyze the usage, performance and security monitoring record attempts to communicate by using the Web Proxy service Faculty : Trần Thị Ngọc Hoa 9
Monitoring ISA Server Activity ¡ Log format : l l ¡ By default, ISA Server can only log dropped packets. l l 6/19/2021 %ISAinstallfolderISALogs W 3 C ISA ODBC Disable dropped packet logging to reduce server load. Disable logging for dropped packets only if your security policy does not require this information. Faculty : Trần Thị Ngọc Hoa 10
Analyzing ISA Server Activity by Using Reports ¡ 6/19/2021 Reports are generated from a database that includes the collected data from the ISA log files. Faculty : Trần Thị Ngọc Hoa 11
Demo Configuration 6/19/2021 Faculty : Trần Thị Ngọc Hoa 12
- Ppst domain 3
- Monitoring and evaluation of family planning programs
- Importance of planning, monitoring and evaluation
- N planning
- Long medium and short term planning in primary schools
- Corpus planning definition
- Monitoring in voyage planning
- Strategic planning vs tactical planning
- Planning balance sheet in urban planning
- Scenario planning workforce planning
- Aggregate planning is capacity planning for:
- Aggregate capacity planning
- Aggregate planning is capacity planning for