How to Detect Network Intruders (Part 2)

In the previous blog post we saw how identity theft in a corporate environment can be a huge risk for a corporate environment and how the possible injection of malicious code can easily take place and go unnoticed on a client machine that is part of a corporate network.

There are many ways in which malicious code can be inserted successfully without anyone noticing.

Software is never bug free and software patches are not immediately available by the manufacturer. That’s why any type of severe vulnerabilities in software is exploited immediately by hackers.
Common software is very popular. Injection of malicious code in common software can reach millions of victims in a very short amount of time.
Trusted websites attract billions of visitors. Smart injection of malicious code remains unnoticed by the website administrator.
Standard protocols such as HTTP or FTP are open for use by default. A firewall does not block them by default, because internet browsing requires HTTP for data exchange. That’s why malicious code mostly exchange sensible data through standard protocol like HTTP.

Running malicious code on remote machines is one big risk, but data theft is understood as the bigger risk for a corporate organization.

What can a systems administrator do to monitor, track and block such intrusion attempts around the clock?

Internet monitoring is one solution that extends the strengths of common firewalls. Internet monitoring does not only include the manual monitoring of in- and outbound data transfers, it should also include features such as multiple antivirus engines that scan and automatically control downloads requested by client machines.

Downloads can be anything, such as a malformed image, that has been requested by a software application running on a remote machine. If the download is controlled by professional web monitoring software, then this approach would contribute to reduce the risk of the insertion of malicious code into a corporate network. As a download control is fully automated on a 24/7 basis it saves time and reduces the worries of a systems administrator.

A web filtering module (that complements the web monitoring module) prevents the access of “bad” websites before it comes to download the webpage from the bad URL. But what happens if malicious web content starts to appear on good websites? It isn’t sufficient if web filtering only works on categories like “yes” or “no”.

A good web filtering module should be able to update its database automatically and dynamically detect malicious code on good and bad sites automatically. Such features would be very innovative and would benefit web control. Not all web risks can be fully controlled and blocked by web monitoring software so the manual intervention of a web administrator is required to fully archive the reduction of web threats.

Reporting is a basic foundation of web monitoring software to evaluate the performance of the defence software but also helps to detects new anomalies in corporate environments.

Cameron Leaf April 24, 2011 at 11:35 am
Definitely highlighting the importance of a good monitoring scheme right here.
I would say another safety measure one could take in regards to common software is avoid being an early adopter. How many times have we seen AAA-list programs roll out new versions, only to have security patch after security patch applied in the following weeks? Waiting a month or two can make a big difference in limiting the risks you put your own machine under.
Chris Lorrel April 25, 2011 at 6:19 pm
Cameron is right that being an early adopter is pretty risky – you are like a beta tester and you take all the risks. Also, to catch intruders, keep an eye on logs – even if you don’t get an alert, checking the logs every now and then is good prevention.
CDG_IT_Guy April 26, 2011 at 6:14 am
Software is never bug-free, so as computer networks and IT systems. The best way to detect network intruder is to arm yourself with knowledge and skill. Keep yourself updated with the latest tips, tricks, and technology news about networking system. Technology evolves – so as intruders and hackers.
Even if you’re not the webmaster or the network admin, you can still detect harmful network injections if you arm yourself with these knowledge.
Simon July 10, 2011 at 9:41 am
I’d add never ever allow P2P in your network – in any form. These file sharing networks, even when they are not violating intellectual rights, are an incubator of all things malware. In a business environment, peer-to-peer has no place. Your users don’t need it for their jobs, so there is no excuse to allow its bare existence.

Comments are closed.

If you have used this form and would like a copy of the information held about you on this website, or would like the information deleted, please email privacy@gfisoftware.com from the email address you used when submitting this form.

How to Detect Network Intruders (Part 2)

What can a systems administrator do to monitor, track and block such intrusion attempts around the clock?

About the Author: Mohammed S Ali

4 Comments

How to Detect Network Intruders (Part 2)

What can a systems administrator do to monitor, track and block such intrusion attempts around the clock?

Get your free 30-day trial

Get your free 30-day trial

About the Author: Mohammed S Ali

4 Comments