TAILIEUCHUNG - Course 2830: Designing security for Microsoft networks - Module 12

Module 12 - Designing responses to security incidents. The following topics are covered in this module: Introduction to auditing and incident response, designing an audit policy, designing an incident response procedure. After completing this module, students will be able to: Describe auditing and incident response, design an audit policy, design an incident response procedure. | Module 12: Designing Responses to Security Incidents Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response Procedure Lesson: Introduction to Auditing and Incident Response The Auditing Process Why Auditing Is Important What Is an Incident Response Procedure? Why an Incident Response Procedure Is Important The Auditing Process IIS Server Client Internet ISA Server A B Domain Controller As a user logs on to a secure Web site to check the status of an order, the user’s actions are recorded in: ISA Server packet filter logs and firewall logs IIS logs and Event Viewer Domain controller event logs C Why Auditing Is Important Attacker Threat Example External Brute force attack After many failed attempts, an attacker gains access to the network, creates a legitimate user account, and uses it to access information on the network. Internal Misuse of administrator rights A help desk administrator uses administrative rights to change his supervisor’s password to read her e-mail and access personnel records. Internal Attacker External Attacker What Is an Incident Response Procedure? An incident response procedure includes steps for responding to a security incident A procedure specifies items such as: People to contact Actions for limiting the damage from an attack Provisions for investigating the incident Incident Response Procedure Actions Personnel Investigation Why an Incident Response Procedure Is Important Attacker Threat Example External Uncoordinated response A virus over the Internet exploits a known vulnerability on the network. Despite previous attacks, the organization does not identify and respond to the virus until all computers on the network are infected. Internal Failure to maintain the chain of evidence A company suspects that an employee is selling confidential information to a competitor. During the investigation, a routine network update changes files on the suspect’s computer. Internal Attacker .

• Quản trị mạng
• Designing security
• Microsoft networks
• Network security
• Security design
• Security incidents
• Incident response procedure
• Analyzing security risks
• Security policies
• Designing network security
• Security design for accounts
• Account security
• Security design for authentication
• Authentication security
• Security threats
• Network attacks
• Risk management
• Physical resources
• Security design for computers
• Analyzing risks to computers
• Security design for data
• Securing data
• Acceptable use policy
• Security policy checklist
• Manage security
• Operations framework
• Designing policies
• Managing networks
• Network management policy
• Network perimeters
• Perimeter security
• Data transmission
• Securing data transmission
• Random Oracle model
• A Paradigm for Designing Efficient Protocols
• Designing Efficient Protocols
• Random oracle paradigm
• Chosen Cipher text Security
• A digital signature scheme
• Advanced network security
• An toàn mạng nâng cao
• Designing for an Open Access Point
• Wireless Network Vulnerabilities
• Wireless Hacking Tools
• Wireless Network
• Internetworking
• manage network
• Network Protocols
• Security communication
• network systems
• network equipment
• network operators
• computer network
• information technology
• international certification
• network cisco
• cisco exam
• management network
• công nghệ thông tin
• tin học
• internet
• microsoft office
• công nghệ thông tin
• tin học
• mạng
• web
• quản trị mạng