Identify Your System The best way to protect you against computer attack

Irvan

http://irvan.or.id

Agenda

• Introduction

• Identifying anomalies on Linux Based System

• Identifying anomalies on Windows Based System

• Discuss?

Introduction

• Sometimes we don’t know whether our computer is being attacked or not.

• Most people doesn’t know how to recognize anomalies on their system, even though they are so familiar with their own system.

• Users often underestimate about security audit things.

• But for common they are really don’t know how to recognize it.

• I am a Linux user, what should I do?• I am a Windows user, what should I do?

Identifying anomalies on Linux Based System

The “/var/log/messages”

Seeing process through “ps”

Watching your “httpd log”

Knowing error message from “httpd” activities

Watching out your “door” trought “netstat” command

Take time to see “lastlogin”

More detail with “lsof –i”

Sniff your network with “tcpdump”

Get process detail with “top”

Who is online, and what they do?

Is there any “uninvited” guest?

Identifying anomalies on Windows Based System

Check your connection with “netstat”

The “Task Manager” things

The “Task Manager” things

The “Task Manager” things

The “Task Manager” things

Who is online?

What is running on your system?

Find the “unusual” key on your registry

Find the unusual things on your “c:\windows”

Find the unusual things on your “c:\windows\system32”

Is there any “uninvited” groups?

Is there any “uninvited” users?

Discuss?

Thank You

Happy Hacking..!!