Wednesday, April 05, 2006

Windows Intruder Detection Checklist

Following on from my previous post, how do you really know that your computer is free of anything that may have compromised it?

This document outlines suggested steps for determining whether your Windows system has been compromised. System administrators [and individuals] can use this information to look for several types of break-ins. I also encourage you to review all sections of this document and modify your systems to address potential weaknesses.

The term "Windows system" is used throughout this document to refer to systems running Windows 2000, Windows XP, and Windows Server 2003. Where there is a distinction between the various operating system versions (e.g., a capability available to only one OS version), the document notes it.

The document distinguishes between the terms "auditing" and "monitoring". Auditing indicates the logging or collection of information; monitoring indicates the routine review of information obtained by auditing to determine occurrences of specific events.

A degree of expertise may be required to conduct these tests.

Test details are available HERE.
