Lesson Progress
0% Complete
Windows Server
The Windows Active Directory, Windows DHCP and the Windows DNS servers runs on the Windows Operating System. Therefore it is only necessary to ensure that the Operating System is not under malicious control.
Data Sets
- Event timestamp
- Device type – winevent_nic,30 (type)
- Device class – Host
- Device subclass – Windows
- Message severity level
- Source Interface
- Destination Interface
- User ID’s
- Access group
- Event description
- Successful and failed log-on and log-off;
- Terminal identity or location if possible;
- Records of successful and rejected system access attempts;
- Records of successful and rejected data and other resource
access attempts; - Changes to system configuration;
- Use of privileges;
- Use of system utilities and applications;
- Files accessed and the kind of access;
- Alarms raised by the access control system;
- Activation and de-activation of protection systems,
such as anti-virus systems and IDS/IPS; - Shutdown / reboot of system
Unix Servers
AIX
HP-UX
RHEL
Solaris