Different traffic patterns can raise suspicions about various activities. These patterns may include: an unexpected increase in overall traffic, which could indicate either a mention of your website on a popular news site or suspicious behavior; a sudden rise in the number of bad or malformed packets, which can be monitored using packet-level statistics from routers or software network scanners like Observer or Network Monitor; and a large number of packets caught by egress filters in your router or firewall, indicating the presence of compromised machines on your network. Additionally, unscheduled reboots of server machines can sometimes suggest compromise.
You should already be monitoring the event logs of your servers for failed logons and other security-related events. Log Files contain comprehensive records of all security events (such as logon events, resource access, attempted policy violations, and changes in system configuration or policies) as well as critical system events (such as service/daemon start/stop, generated errors, and system warnings). These logs enable administrators to promptly identify the underlying causes of any issues. To ensure that remote users have the latest patches and updates, the system administrator should establish group policies that enforce immediate installation of updates.
Instead of having users restart the systems themselves, which wastes both the company’s and users’ time, a solution can be implemented to secure the network while allowing safe transfer of data. Malware is only filtered when removable storage drives cross the network. To address this issue, the system administrator should disable all USB ports on both clients and servers within the network. This precautionary measure will help resolve the problem. Furthermore, it is important to ensure that router permissions do not allow attackers to modify configurations or disrupt traffic. By configuring permissions to prevent unauthorized access, attackers can be kept from exploiting these vulnerabilities.
If the routers are already under attack, the administrator must access the router and restore the default settings. Additionally, firewalls should be implemented and permissions should be changed. The solution for this issue includes several requirements: implementing a defense-in-depth security approach, maintaining effective security audit logs, centralizing the collection of security logs, and automating the analysis of logs to identify attack signatures. Some of these requirements also apply to detecting malicious applications. Specifically, there is a need for effective procedures to audit unauthorized software on the network, properly configured security audit logs, reliable centralized collection and filtering of security logs, and automated analysis of logs to identify suspicious behavior. Third-party programs may be used if necessary.
References
- Sources: Boritz, J. E. (2013, April 8). Information security.
- Retrieved from Wikipedia: http://en. wikipedia. org/wiki/Information_security Easttom, C. (2013, April 12).
- Information security. Retrieved from Wikipedia: http://en. wikipedia. org/wiki/Information_security Kim, D. , & Solomon, M. (2012).
- Fundamentals of Information Systems Security. Burlington, MA: Jones & Bartlett Learning. Mah, P. (2012, Febuary 23).
- How to Build Multiple Layers of Security for Your Small Business. Retrieved from CIO. com: http://www. cio. com/article/700694/How_to_Build_Multiple_Layers_of_Security_for_Your_Small_Business
