Lab 2 - Log Analysis

During class, complete only part 3 of Lab 2: Secure Network Administration Principles - Log Analysis. The lab shows you how to use command-line tools to read the system logs on Linux and Windows (you will only be doing the Windows part). A key question that you should ask yourself is, "How would I know if someone has broken into my systems?" Understanding how computers record system events and where to find those events is key to your ability to answer that question. The lab shows you the basic tools for making sense of logs. Becoming an expert means not only using these tools well but also understanding what the seemingly random data in the logs really means.

Complete the lab and answer the following questions on Blackboard: 
  1. In part three you used Hydra to guess passwords. What security countermeasures might work to stop this attack? For any countermeasure that you list, tell me if it's technology, policy and procedures, or training and education.
  2. How does having a log file protect information?