-
Block access to TCP and UDP ports 135–139.
-
Disable bindings to Wins client on any adapter.
-
Use complex passwords
-
Log failed logon attempts in Event viewer - Security log full event 529 or 539 - Logon/Logoff
-
Logging is of no use if no one ever analyzes the logs
-
VisualLast from www.foundstone.com formats the event logs visually
VisualLast is considered as the advanced version of NTLast with a number of additional and sophisticated features. The program is designed to allow network administrators to view and report individual users log on and log off times and these events can be searched by time frames. This is an invaluable feature to security analysts looking for intrusion details.
Amarjit Singh
No comments:
Post a Comment