Identifying Suspicious Activity on your Edge Device – Part 1

Published on 6 July 2011 / Last Updated on 6 July 2011

“Most of the good firewalls out there have the capability to identify suspicious activity and log this information for you. However, there are some scenarios where you want more than just knowing what happened; you want to build a better footprint of the potential attack that the edge device is passing through. This post will explain how to combine the power of Event Viewer with the flexibility of the Network Monitor Wizard to build a trigger that runs an action when an incident happens. To achieve that, we will divide the post into two parts: this first part will explain the scenario, identify the issue and work on the data gathering process. For this post we will use Forefront TMG 2010 as our edge device; however, the same approach can be used on any device that logs its major alerts to the Windows Event Log…”

For the juicy details, check out Yuri Diogenes’ blog over at:

http://blogs.technet.com/b/yuridiogenes/archive/2011/06/02/identifying-suspicious-activity-on-your-edge-device-part-1.aspx

HTH,

Deb

DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)
“MS SECURITY”
dshinder@isaserver.org

