Unknown Processes
Lots of processes run on Windows 2000 systems. Some of them are easy to figure out and some are not. If you look at the Task Manager, you can see the processes that are running and how much CPU and memory they are using.
System administrators should periodically examine the Task Manager to see if any unknown processes are running. A good example of something to look for is CMD processes. The CMD process is the command prompt, or DOS window. If it is running, you should be able to see a window on the screen. In some cases, an intruder will cause a CMD process to start in order to perform other operations on the system. A CMD process with no corresponding window on the screen is a clear indication that something unusual is happening on the system.
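The periodic check described above can be scripted against a saved process listing. This is an added example, not part of the original tutorial: it assumes the listing was exported as CSV in the column layout of `tasklist /FO CSV` (a tool from later Windows versions, not the Windows 2000 Task Manager), and the baseline and sample process names are constructed.

```python
import csv
import io

# Constructed baseline: image names the administrator has already identified.
BASELINE = {"system idle process", "system", "smss.exe", "csrss.exe",
            "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
            "explorer.exe", "taskmgr.exe"}

# Command prompts always get a manual check, even if added to the baseline.
ALWAYS_REVIEW = {"cmd.exe"}

# Constructed sample snapshot (assumed CSV layout, see lead-in).
SAMPLE_SNAPSHOT = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","16 K"
"System","8","Console","0","212 K"
"smss.exe","144","Console","0","344 K"
"winlogon.exe","188","Console","0","1,024 K"
"services.exe","216","Console","0","5,312 K"
"lsass.exe","228","Console","0","1,100 K"
"svchost.exe","404","Console","0","3,456 K"
"explorer.exe","960","Console","0","4,880 K"
"CMD.EXE","1184","Console","0","1,012 K"
"updsvc32.exe","1320","Console","0","2,760 K"
"taskmgr.exe","1400","Console","0","2,104 K"
'''


def review_snapshot(csv_text, baseline=BASELINE):
    """Return (pid, image name, reason) for every process needing review."""
    known = {name.lower() for name in baseline}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("Image Name") or "").strip()
        pid = (row.get("PID") or "").strip()
        if not name:
            continue  # skip blank or malformed rows
        key = name.lower()  # Windows image names are case-insensitive
        if key in ALWAYS_REVIEW:
            findings.append((pid, name, "command prompt: confirm a window is visible on screen"))
        elif key not in known:
            findings.append((pid, name, "not in baseline: identify this process"))
    return findings


if __name__ == "__main__":
    for pid, name, reason in review_snapshot(SAMPLE_SNAPSHOT):
        print(f"PID {pid:>5}  {name:<16} {reason}")
```
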