Event Monitoring and Incident Response

Event Monitoring and Incident Response (PDF, 2.08MB)
Published: 15 May, 2013
Created by Ryan Boyle

Ever wish you could observe, report, and react in a timely manner after an event occurred? Evidence can disappear as time passes, and attacks can cause further harm if allowed to continue. The speed and manner in which you react can have an effect on the outcome. A Host Intrusion Prevention System (HIPS) can help prevent attacks from occurring, stop attacks in progress, and gather evidence. This paper covers configuring and implementing a Windows-based log file monitoring HIPS, then using the HIPS to block remote password brute-force attempts, leverage port knocking, work with a honey port, and work as part of a honeypot to gather evidence and report the incident to ISPs.