Wednesday, December 8, 2010

Tips & Tricks

Posted: 06 Dec 2010 08:55 PM PST
Whenever someone comes in contact with another person, place, or thing, something of that person is left behind. This means that the attacker must disable logging, clear log files, eliminate evidence, plant additional tools and cover his tracks.

Here are some of the techniques that an attacker can use to cover his tracks:

(1) Disabling logging – Auditpol was originally included in the NT Resource kit for administrators. It works well for hackers too, as long as they have administrative access.
Just point it at the victim’s system as follows:
C:\>auditpol \\192.168.10 /disable
Auditing Disabled

(2) Clear the log file – The attacker will also attempt to clear the log. Tools such as WinZapper, Evidence Eliminator, or ELSave can be used. ELSave will remove all entries from the logs, except one entry that shows the logs were cleared.
It is used as follows:

Elsave -s \\192.168.13.10 -1 “Security” -C

(3) Cover their tracks – One way for attackers to cover their tracks is with rootkits. Rootkits are malicious code designed to give an attacker expanded access and hide his presence. While rootkits were traditionally a Linux tool, they are now making their way into the Windows environment. Tools such as NTrootkit and the AFX Windows rootkits are available for Windows systems. If you suspect that a computer has been rootkitted, use an MD5 checksum utility or a program such as Tripwire to verify the integrity of your programs. The only other alternative is to rebuild the computer from known good media.
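As an added illustration of the checksum comparison just described (example code written for this page, not from Tripwire or any tool named above), here is a small baseline-and-compare routine. It uses SHA-256 rather than MD5 because MD5 collisions are practical today; the directory, file names and the simulated tampering in demo() are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algo="sha256"):
    """Hash a file in chunks; SHA-256 is chosen over MD5 because MD5 collisions are practical."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, algo="sha256"):
    """Map every file under root (POSIX-style relative path) to its digest.
    Take the baseline on a known-good system and keep it off-host or on read-only
    media; a rootkit that can rewrite binaries can rewrite a local baseline too."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p, algo)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_baseline(baseline, current):
    """Report what differs between a stored baseline and a fresh scan."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo():
    """Constructed scenario: a small 'bin' tree is baselined, then one program is
    replaced and an extra file is dropped, which is what a rootkit install leaves behind."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls.exe").write_bytes(b"original ls binary")
        (root / "bin" / "netstat.exe").write_bytes(b"original netstat binary")
        baseline = build_baseline(root)
        # Simulate tampering after the baseline was taken.
        (root / "bin" / "netstat.exe").write_bytes(b"trojaned netstat binary")
        (root / "bin" / "hidden.sys").write_bytes(b"dropped driver")
        return compare_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```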

Accessing shared data offline allows you to keep using your shared files, folders and programs when disconnected from the data server. When you reconnect to the data server, your files are synchronized with the files on the network.
Two configurations are required to make shared folders available offline: one on the data server and one on the client computer.
Configuration on Data Server

First locate the folders that you would like to share, or make new folders, then share them so they can be accessed by anyone on the network.
Now right-click the folder and click the option "Sharing and security".

A small dialog box titled "data properties" will appear. Under the "Sharing" tab, select the check box "Share this folder on the network" under "Network sharing and security".

Now set the share-level permissions that you want to give the users on every folder. Enable caching of the shared folders by clicking the Caching button (it is enabled by default).

Configuration on Client Computer 
On the client computer, first open My Computer, then click Tools.
In the Tools menu, click Folder Options; a window titled Folder Options will appear.
Under the Offline Files tab, check the option Enable Offline Files. Here you can choose the synchronization behaviour: "Synchronize all offline files when logging on", "Synchronize all offline files before logging off" and others.

Click Apply to save the settings, then OK to close the window.
Now, on the client computer, try to access the shared folder from the data server.
First right-click the shared folder and click Make Available Offline.
To synchronize the offline work from the client computer to the data server, again open My Computer, click Tools, click Synchronize, then click the Synchronize button.

After that, take the data server down and try to access the shared folders by giving the UNC (Universal Naming Convention) path of the data server. They will be accessible whether the server is down or up.

