SANSFire 2008 – Audit 507, Day 5 – Windows

Day 5: Auditing Windows systems. Not really a lot of earth-shattering news here today. Having been exposed to Windows tools like MMC, Security Policies and Group Policies, and the Event Viewer for years now, I was in pretty familiar territory. There were some reminders (why LM hashes are bad, what to do about them if you still have them) and some new ideas (methods for baselining a system and taking periodic diffs to compare, moving forward), but no real “aha moments” for me. Not that I’m complaining, mind you. I’ve had enough new stuff for now. At least today my brain did not feel like it was completely overflowing.

I also took a sneak peek at tomorrow’s book on auditing Unix. Familiar stuff there too. (*phew!*)

Leave a Reply