Common Indicators of Security Incidents

Several types of events are common indicators of security incidents. You should pay particular attention to these types of events. Although after investigation, most of these events will prove harmless, some will warrant closer investigation and possibly trigger your organization’s incident response plan. Common indicators of security incidents include the following:

  • Unusual Transmission Control Protocol/Internet Protocol (TCP/IP) or User Datagram Protocol (UDP) traffic

  • Presence of certain events in the System log file

  • Inability to access network resources

  • Excessive CPU utilization

  • Irregular service operations

  • Irregular file system activity

  • Permissions changes

Unusual TCP/IP or UDP Traffic

One of the earliest ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.