You run a website in an IaaS environment. You wake up to discover that your website has been defaced. Assume you are running a web server and an FTP server in this environment and that both an application proxy and a firewall sit between those servers and the Internet. All of your VMs are running SSH servers. What logs might help you determine how the website was defaced? What kind of information

would you look for?

What will be an ideal response?

Some
possible
logs
to
look
at
and
the
SSH
connection
logs,
FTP
logs,
application
proxy
logs,
firewall
logs,
and
server
security
event
logs.
Look
for
logins,
connections
from
unknown
IP
addresses,
file
uploads,
and
changes
to
files.

Computer Science & Information Technology

You might also like to view...

When properly arranged, an Excel worksheet can be used as a data source in a Word mail merge

Indicate whether the statement is true or false

View

Computer Science & Information Technology

The group scope that can include users, computers, and other global groups from the same domain is ________

Fill in the blank(s) with correct word

View

Computer Science & Information Technology