SANSFire 2008 – Audit 507, Day 5 – Windows

Day 5: Auditing Windows systems. Not really a lot of earth-shattering news here today. Having been exposed to Windows tools like MMC, Security Policies and Group Policies, and the Event Viewer for years now, I was in pretty familiar territory. There were some reminders (why LM hashes are bad, what to do about them if you still have them) and some new ideas (methods for baselining a system and taking periodic diffs to compare, moving forward), but no real “aha moments” for me. Not that I’m complaining, mind you. I’ve had enough new stuff for now. At least today my brain did not feel like it was completely overflowing.

I also took a sneak peek at tomorrow’s book on auditing Unix. Familiar stuff there too. (*phew!*)

SANSFire 2008 – Audit 507 – Day 3

Day three – Auditing Networks, done. Today we covered what it takes to audit a network, including those little things called modems. Remember them? You used to used them to do stuff like, send faxes, connect to your local BBS, or get dial-up Internet access! And, if you’re a poor, unfortunate soul who lives in Vermont, odds are pretty good that you still use one of those modems for dialup access. (Not that I would know anything about that.) Continue reading “SANSFire 2008 – Audit 507 – Day 3”