1) The first and foremost thing is to have a grip on the mental approach. I would try to stay composed and relaxed rather than panicking, and I would analyze the whole situation with a cool mind. Whenever a network is established, problems like these are likely to occur, and companies always have a well-organized solution for them. So, there is no need to get horrified.
2) Under such a situation, it becomes important to isolate the affected computer immediately. An affected machine on a network can cause all other machines on that network to be affected. I would unplug the cable and then disconnect the affected computer from both the internet and the network. This way, the intruder will not be able to access the machine, nor will he be able to attack other computers on the network by means of the affected one.
3) I would block port 3389 temporarily. TCP port 3389 is the port used by the Remote Desktop Protocol (RDP), which enables a user to connect to a computer on a network. I would find out whether a VPN (virtual private network) had been established to protect the RDP (port 3389) traffic. I would make arrangements for the establishment of a site-to-site VPN tunnel before reconnecting the computer to the network, so as to secure the RDP traffic from Address Resolution Protocol (ARP) poisoning (Savill, 2008). Further investigations include: Were passwords and sensitive information, such as ISP access passwords, saved on the computer? These must be changed at once. How long has the intrusion gone undetected? The chance of other computers on the network being affected increases with the time the affected one keeps working on the network. I would investigate whether the computer had up-to-date anti-virus and desktop firewall software installed. I would make backups of all sensitive information and format the operating system. Then, I would reload the sensitive information from the backup files while scanning them
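As an added example (not part of the original essay), the following PowerShell script carries out the first-responder steps described in points 2 and 3 on the affected Windows host: it refuses new RDP connections and blocks TCP/3389 at the host firewall, lists successful remote-interactive logons from the Security log to estimate how long the intrusion may have gone undetected, records whether the host firewall and Microsoft Defender were active, and exports the Security log before the machine is reimaged. It assumes a Windows host with the Remote Desktop Services registry key in its default location, the NetSecurity and Defender PowerShell modules present, and an operator running from an elevated prompt; the evidence folder name and the firewall rule name are choices made here, not anything from the essay.

```powershell
# Added example, not from the original essay. Assumes Windows, elevated rights,
# and the NetSecurity/Defender modules; rule and folder names are arbitrary.
#Requires -RunAsAdministrator

# Step 1: contain. Deny new RDP sessions and block TCP/3389 inbound so the
# machine can be examined without re-exposing it (mirrors "block port 3389").
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name 'fDenyTSConnections' -Value 1
New-NetFirewallRule -DisplayName 'IR: block inbound RDP (temporary)' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Block -Profile Any | Out-Null

# Step 2: scope the intrusion window. Event 4624 with LogonType 10
# (RemoteInteractive) is an RDP logon; the earliest unexpected one bounds
# "how long has the intrusion gone undetected". Fields are read by name from
# the event XML rather than by positional index, which varies across versions.
$rdpLogons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['LogonType'] -eq '10') {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                User   = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
                Source = $data['IpAddress']
            }
        }
    } | Sort-Object Time

$rdpLogons | Format-Table -AutoSize
if ($rdpLogons) {
    "First RDP logon in log: $($rdpLogons[0].Time); last: $($rdpLogons[-1].Time)"
    # Logon counts per source address make an unfamiliar address stand out.
    $rdpLogons | Group-Object Source | Select-Object Name, Count | Format-Table -AutoSize
}

# Step 3: record whether the desktop firewall and anti-virus were active,
# one of the questions the essay says the investigation must answer.
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize
try {
    Get-MpComputerStatus |
        Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
} catch { 'Microsoft Defender status not available on this host.' }

# Step 4: preserve evidence before the reimage. Exporting the Security log
# keeps the logon timeline after the operating system is formatted.
$evidence = Join-Path $env:SystemDrive 'IR-evidence'   # constructed folder name
New-Item -ItemType Directory -Path $evidence -Force | Out-Null
wevtutil epl Security (Join-Path $evidence 'Security.evtx')
```

The firewall rule and the `fDenyTSConnections` setting are deliberately both applied: the registry value stops the RDP service from accepting sessions, while the firewall rule also covers the case where another listener is later bound to 3389. Both are meant to be reverted only after the VPN arrangement the essay describes is in place.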
A network intrusion detection system (NIDS) monitors network traffic, raises an alert when it encounters a security breach, malicious activity or an attack, and blocks the source IP…
This research discusses data mining and the significance of IDSs for network security, together with a few of their drawbacks; presents data mining and its various techniques in detail as they relate to the present topic, apart from the various methodologies implemented to date; concludes the work done; and gives a plan for future work.
In order to combine both techniques, i.e. anomaly-based intrusion detection and signature-based intrusion detection, a Flexible Intrusion Detection and Response Framework for Active Networks (FIDRAN) is recommended, to provide superior security.
Intrusion detection is used to manage the system and the network in a secure manner. Intrusions may come from various sources (Endorf 2004). An IDS must be capable of identifying security threats and preventing them from affecting the system or network. These detection systems make use of various scanning technologies to determine whether a network is secure or not.
It is the most important component of the network system. It is mandatory for network systems to install an intrusion detection system in order to manage attacks easily and resolve the resulting issues (Mun 2009). There are various types of intrusion detection systems, and they are implemented based on the network system.
Moreover, coming to the point of how these manipulations occur in the first place, we discern that these are the usual attacks carried out by hackers who are skilled and quite adept at their work; at times, script kiddies also play these tricks, making use of automated scripts to achieve their objectives.
The overall requirements for SnortReader are: (1) allow users to locate intrusions among Snort alerts in a short time; (2) allow users to change the behavior of the interface; and (3) provide help information to identify intrusions and how to use the interface.
The author provides some methods of protection. In passive methods, radio frequency monitoring is used. Active systems can transmit signals to inquire about the status of the network and can also inject malicious data into the network to create interruptions. These are the most common methods, and their use is on the rise since new abuses and tools emerge often.
For this to be beneficial, those workers must be able to share the data each person enters. As a result, networking computers becomes essential. Networks are merely a group of computers linked by cable