
SANS Internet Storm Center (ISC) InfoSec Forums


Resources: Windows Auditing & Monitoring, Linux 2FA

Some useful resources for your reading pleasure and implementation:

1) A recently published Windows 10 and Windows Server 2016 security auditing and monitoring reference: https://www.microsoft.com/en-us/download/details.aspx?id=52630

From the reference abstract, you can expect: 

  • Detailed technical descriptions for most of the advanced security audit policies that are included with Windows 10 and Windows Server 2016.
  • Monitoring recommendations for security events to include in advanced security audit policies.
  • Recommendations for Group Policy settings for advanced security audit policy for domain controllers, workstations, and member servers.

2) A great Linux.com article on setting up two-factor authentication for login and sudo: https://www.linux.com/learn/how-set-2-factor-authentication-login-and-sudo

From Jack Wallen's article:

"What if I told you could take the login to your Linux servers and desktops one step—nay, two steps—further? Thanks to the Google Authenticator, you can. On top of that, it’s incredibly easy to set up. I am going to walk you through the process of setting up two-factor authentication for use on login and sudo. I will demonstrate this on a Ubuntu 16.04 desktop, but the process works for the server as well. To handle the two-factor side of things, I will be making use of the Google Authenticator..."

3) In the "this speaks for itself" and "too good not to share" categories: https://support.microsoft.com/en-us/kb/3053711


Russ McRee | @holisticinfosec

Nice article on 2FA for Linux systems. If only someone could write something similar for Windows systems! ;) ... Btw, one caveat is having to have Internet connectivity for this to work. So if for some reason you don't have it, say if you've isolated the system from going out, you can't log in to your machine.
Anonymous
