Anytime a user attempts to access a network, the server logs the attempt. In this lab, you first used the Windows Event Viewer utility to search for failed logon attempts, which could indicate a possible intrusion by an unauthorized user. You also generated your own errors by attacking the Windows 2008 server and then reviewed the Internet Information Services (IIS) logs to find those errors. Finally, you documented your findings and recommended remediation steps.
Lab Assessment Questions & Answers:
1. What services were attacked on the IIS server?
2. How many failed logons were detected?
3. Specify the date/timestamps when monitoring started and when the attacks occurred.
4. What options are available to prevent brute force authentication attacks in a Windows-based domain?
5. What is an insider attack?
6. If the attacks for this lab were coming from an internal IP, would you allow the attack to continue to investigate further or stop the attack?
7. With the information provided in this lab, what steps would you take to prevent a reoccurrence of an external attack?
8. What is a best practice to deter insiders from even thinking about executing an attack?
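The IIS log review described in the overview can be scripted so that the failed-logon count and the first and last timestamps per source come straight from the log. The following is an added example, not part of the original lab: the log lines are constructed, and the function names and the threshold of 3 are assumptions.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended format; addresses are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status
2024-01-15 10:00:05 GET /default.htm - 198.51.100.7 200 0 0
2024-01-15 10:02:11 GET /secure/ - 203.0.113.50 401 1 1326
2024-01-15 10:02:12 GET /secure/ - 203.0.113.50 401 1 1326
2024-01-15 10:02:13 GET /secure/ - 203.0.113.50 401 1 1326
2024-01-15 10:02:15 GET /secure/ - 203.0.113.50 401 1 1326
2024-01-15 10:05:00 GET /secure/ - 198.51.100.7 401 1 1326
2024-01-15 10:05:04 GET /secure/ student 198.51.100.7 200 0 0
2024-01-15 10:06
"""

def failed_logons(log_text):
    """Return {client_ip: {"count", "first", "last"}} for HTTP 401 responses."""
    fields = []
    per_ip = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order is declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                    # skip truncated or malformed entries
        row = dict(zip(fields, values))
        if row.get("sc-status") != "401":
            continue
        # IIS W3C logs record time in UTC by default; convert before comparing
        # with Event Viewer timestamps, which are shown in local time.
        stamp = f"{row.get('date', '?')} {row.get('time', '?')}"
        entry = per_ip[row.get("c-ip", "?")]
        entry["count"] += 1
        entry["first"] = entry["first"] or stamp
        entry["last"] = stamp
    return dict(per_ip)

def flag_sources(per_ip, threshold=3):
    """Client IPs whose 401 count meets the (assumed) alert threshold."""
    return sorted(ip for ip, e in per_ip.items() if e["count"] >= threshold)

if __name__ == "__main__":
    summary = failed_logons(SAMPLE_LOG)
    for ip in flag_sources(summary):
        print(ip, summary[ip])
```

A single 401 followed by a successful request is normal for authenticated pages, which is why the report groups by client IP and applies a threshold instead of counting every 401.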