Knowing your network has been compromised is a good thing because the less fortunate ones are those unaware that their systems have been illegally penetrated--time and again--right under their noses.
Prevention, as we know, is always better than cure, so how can you avoid being caught napping?
One of the best ways is to review your server's activity logs on a consistent schedule, a duty that can be rotated amongst team members on a daily or weekly basis.
Once this exercise has been implemented--and strictly adhered to--don't forget to schedule routine backups for your log files as a precautionary measure.
If you're interested in third-party log monitoring and analysis software, Download.com has a decent selection.
Granted, there's more to stopping hackers than event logs, but they are a good and valuable start nonetheless.
Does your IT department take activity logs seriously? Has it helped avert intrusions or is it a sheer waste of time? Please e-mail your comments to itmanager@zdnet.com.au.
MUST READ
You've discovered that your system has been compromised. For next steps and to prevent future penetration, check out IT Manager's guide below.
You've been hacked: What to do in the first five minutes
You've been hacked: What to do in the first hour
You've been hacked: How to prevent future attacks
To determine what type of data is valuable, here are some tips from TechRepublic's Michael Mullins:








