Security Basics mailing list archives
Re: Port & Executable Monitoring & Logging
From: Brent Huston <lbhlists () gmail com>
Date: Wed, 22 Jun 2011 10:07:47 -0400
2 items. 1. For periodic testing like this, tcpview from sysinternals should do it: http://bit.ly/lDb982 2. For longer term monitoring of surfaces in your end points, check out HoneyPoint Wasp: http://microsolved.com/2009/HoneyPoint_Wasp.html Hope that helps! On Jun 21, 2011, at 12:54 PM, jstemp105 () gmail com wrote:
Hello All, I have been working with the IPS systems within my corporate workplace and we have noticed some strange activity where a virtual Windows file server is attempting to connect to workstations, on the same subnet, through local TCP port 88. The IPS systems that we have in place on the workstations in our organization are detecting these connections and is blocking them by considering them port scans. The connections are incoming from the file server to the workstations. Placing a packet capture on the network and server did no good as the workstations blocked them and the workstations that didn't block the connections would only reply with a reset flag. These connections happen at the most sporadic times ranging anywhere throughout the day or night. We would like to put a program on the server that will monitor for executables and what port they run on or open up. This program must be able to log the instances and be able to filter what ports are being monitored. Does anyone know of any software programs that will run on Server 2008 and have the above stated capabilities? Thanks! ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Port & Executable Monitoring & Logging jstemp105 (Jun 21)
- Re: Port & Executable Monitoring & Logging Brent Huston (Jun 25)
- Re: Port & Executable Monitoring & Logging Michael Painter (Jun 23)
- Re: Port & Executable Monitoring & Logging Ansgar Wiechers (Jun 24)
- Re: Port & Executable Monitoring & Logging Michael Painter (Jun 23)
- <Possible follow-ups>
- Re: Port & Executable Monitoring & Logging jstemp105 (Jun 23)
- Re: Re: Port & Executable Monitoring & Logging andrewhaynes (Jun 25)
- Re: Port & Executable Monitoring & Logging Brent Huston (Jun 25)