Identify Your System: The best way to protect yourself against computer attack
Irvan
http://irvan.or.id
Agenda
• Introduction
• Identifying anomalies on Linux Based System
• Identifying anomalies on Windows Based System
• Discuss?
Introduction
• Sometimes we don’t know whether our computer is being attacked or not.
• Most people don’t know how to recognize anomalies on their system, even though they are very familiar with it.
• Users often underestimate security audits.
• But in general they really don’t know how to recognize anomalies.
• I am a Linux user, what should I do?
• I am a Windows user, what should I do?
Identifying anomalies on Linux Based System
The “/var/log/messages”
Seeing process through “ps”
Watching your “httpd log”
Knowing error message from “httpd” activities
Watching your “door” through the “netstat” command
Take time to see “lastlogin”
More detail with “lsof -i”
Sniff your network with “tcpdump”
Get process detail with “top”
Who is online, and what are they doing?
Is there any “uninvited” guest?
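Added example (not part of the original slides): one way to turn the “netstat” and “uninvited guest” checks above into a baseline comparison. The function names, the expected-port list and all sample data are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: compare listeners and accounts against a known baseline.
# All sample data below is constructed; the port allowlist is an assumption.

# Print LISTEN ports from `netstat -tln` text on stdin that are not in "$1".
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)   # text after the last colon
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }'
}

# Print account names with UID 0 other than root from passwd-format text.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Constructed `netstat -tln` output: 22 and 80 are expected, 5555 is not.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5555            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::5555                 :::*                    LISTEN
EOF
}

# Constructed passwd entries: "support" shares UID 0 with root.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
support:x:0:0::/home/support:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
EOF
}

echo "Unexpected listening ports:"
sample_netstat | unexpected_listeners "22 80"
echo "Extra UID 0 accounts:"
sample_passwd | extra_uid0_accounts
```

On a live system, pipe `netstat -tln` and the contents of `/etc/passwd` into the two functions in place of the sample data.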
Identifying anomalies on Windows Based System
Check your connection with “netstat”
The “Task Manager” things
Who is online?
What is running on your system?
Find the “unusual” key on your registry
Find the unusual things on your “c:\windows”
Find the unusual things on your “c:\windows\system32”
Are there any “uninvited” groups?
Are there any “uninvited” users?
Discuss?
Thank You
Happy Hacking..!!