Sign in with
Sign up | Sign in
Your question

hacked afterthought, tools

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
August 6, 2004 4:05:34 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hello,

If a system gets hacked and you go over the various data.

is any tools out there that will tell you what
information they got???

it was the only system that had a lot of viruses.

Recently discovered it was compromised....

Is there anyway to find what network data was transmitted?

thank you,

"hackedupon"
Anonymous
a b 8 Security
August 7, 2004 6:19:18 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Not really. If you had auditing of object access enabled and then audited
folders/files you might have an idea who accessed data and when but it is not
practical to audit everything as it will decrease computer performance and generate
thousands and thousands of events in the security log. Security logs can also be
erased or modified by a hacker. Encryption of data and removal and securing of all
private keys that can decrypt a file would be one way to insure confidentiality of
data. In your situation you pretty much have to assume the worst. --- Steve

http://securityadmin.info/faq.asp#hackerstoc -- link from Karl's FAQ may be helpful.
http://www.microsoft.com/technet/community/columns/secm... -- from
Microsoft
http://www.microsoft.com/technet/security/guidance/secm... -- auditing
procedures.

"hackedupon" <anonymous@discussions.microsoft.com> wrote in message
news:026c01c47be8$5a1214a0$3501280a@phx.gbl...
> Hello,
>
> If a system gets hacked and you go over the various data.
>
> is any tools out there that will tell you what
> information they got???
>
> it was the only system that had a lot of viruses.
>
> Recently discovered it was compromised....
>
> Is there anyway to find what network data was transmitted?
>
> thank you,
>
> "hackedupon"
Anonymous
a b 8 Security
August 9, 2004 9:35:12 PM

Archived from groups: microsoft.public.win2000.security (More info?)

On Fri, 6 Aug 2004 12:05:34 -0700, "hackedupon"
<anonymous@discussions.microsoft.com> wrote:

>Hello,
>
>If a system gets hacked and you go over the various data.
>
>is any tools out there that will tell you what
>information they got???
>
>it was the only system that had a lot of viruses.

That's not an indication of being hacked.

>Recently discovered it was compromised....
>
>Is there anyway to find what network data was transmitted?

Sure. You look at your intrusion detection system logs, your network
sniffer logs, the server's auditing logs and so on. All of which need
to be in place *before* anything happens.

Jeff
!