Identifying Suspicious Activity on your Edge Device – Part 1
“Most of the good firewalls out there have the capability to identify suspicious activity and log this information for you. However, there are some scenarios where you want more than just knowing what happened, you want to build a better footprint of the potential attack that the edge device is passing through. This post will explain how to combine the power of Event Viewer with the flexibility of Network Monitor Wizard to trigger an action when an incident happens. To achieve that we will divide the post in two parts, this part one will explain the scenario, identify the issue and work on the data gathering process. For this post we will use Forefront TMG 2010 as our edge device; however the same approach can be used in any device that logs its major alerts to Windows Event Log…”
For the juicy details, check out Yuri Diogenes’ blog over at:
http://blogs.technet.com/b/yuridiogenes/archive/20...1.aspx
HTH,
Deb
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)
“MS SECURITY”
dshinder@isaserver.org

Identifying Suspicious Activity on your Edge Device – Part 1 - Isaserver.org - Winsec.be Says:
July 6th, 2011 at 6:36 pm
[…] “Most of the good firewalls out there have the capability to identify suspicious activity and log this information for you. However, there are some scenarios where you want more than just knowing what happened, you want to build a better footprint of Read More… […]
Vito Says:
January 30th, 2012 at 11:20 pm
Major follower of your website, a lot of your posts have truly helped me out. Looking forward to news!