Operational Awareness

Abstract

Core to successful cyber operations is the ability to maintain the integrity and availability of computer systems and networks. The first step in this process is knowing what is occurring on defended systems and networks. Both Windows and Linux feature tools that provide information about running processes, system users, and network connections. Network traffic between systems can be captured and analyzed with tools including tcpdump and Wireshark. In this chapter, the reader will learn what live information is available to a system administrator facing a potentially compromised system or network and will find different indicators of the attacks.

Notes

  1. This is using the Systemd approach to the service since the example host is a CentOS 7.1 system; on CentOS 5 and CentOS 6 systems, the corresponding SysVinit commands would be used (Table 1-1).

  2. The Bash shells that appear depend on the activities of the attacker.

Copyright information

© 2019 Mike O'Leary

Cite this chapter

O’Leary, M. (2019). Operational Awareness. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-4294-0_3
