Threat Tactics for Enterprise Security

Added on 2022-08-25
19 pages, 5092 words

Running head: NETWORK INTRUSION AND SCAN DETECTION
Network Intrusion and Scan Detection
Name of the Student
Name of the University
Author Note
Table of Contents
Question 1 (Detecting reconnaissance)......................................................................................2
i) Data Collection and Scanning.........................................................................................2
ii) Use of the Tools...........................................................................................................4
iii) Strategies to help collect traffic...................................................................................5
Question 2 (Statistical Data collection)......................................................................................6
Session data............................................................................................................................6
Statistical Data.......................................................................................................................7
Tools to Use and Configuration.............................................................................................9
Question 3 (The rest of the business).......................................................................................10
Question 4 (Advanced persistent threats (APTs))....................................................................12
Summary..............................................................................................................................12
References................................................................................................................................15
Question 1 (Detecting reconnaissance)
i) Data Collection and Scanning
The present network of the client is apparently vulnerable to insider attacks, that is,
attacks conducted by rogue staff members or by members making use of the company's internal
network (Cooper 2017). These attacks can include reconnaissance, vulnerability scans,
deliberate attempts to disrupt specific services, and denial of service (DoS) attacks. More
severe attacks can involve theft of sensitive information belonging to the organization or its
clients, and of details regarding other staff members (Mugisha and Zhou 2016). To perform the
above-mentioned attacks, the members first need to discover the network configuration, the
hosts that are up and running at the time, and the ports that are open on them.
As can be observed from the network diagram provided, the internal network of the
organization already provides connections to a number of servers through three different
routers, with two further routers providing connections for the servers of specific
departments. This forms a unified and interconnected network structure which is also
connected to a cloud network. This helps the organization scale resources for specific
services like web, mail, FTP and the other services hosted on the network.
Therefore the attackers would try to collect information regarding the DNS IP address of the
web server, the mailing domain and the user account databases. Based on this they would try
to hijack web or mail sessions. Knowing the open ports through which the services are being
provided, the members can then make use of the appropriate commands against them.
Since all the connections for the workstations, printers and servers of a particular area
are provided through the same routing devices, it is difficult to isolate the network
connections from one another, and this lets other members of the network access the network
configuration of any device. The use of switches can help impose VLANs to isolate segments,
and routing controls like Access Control Lists (ACLs) can block unauthorized accesses.
Protocol analysers like Wireshark can then be used to inspect the blocked connection attempts
and their source IP addresses, to identify the system being used by the rogue employee and
possibly the rogue employee themselves.
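As an added example, not part of the original assignment, the following Python script applies the approach just described: once ACL denies are being logged, the blocked connection attempts can be grouped by source address and a system that is probing many ports or many hosts inside a short window stands out as the machine a rogue employee is scanning from. The log line format, the 10.0.x.x addresses and the thresholds are all constructed assumptions for this example, not values from the page.

```python
"""Flag likely port-scan reconnaissance from ACL/firewall deny logs.

Assumed log format (constructed for this example, not from the page):
    <ISO timestamp> DENY src=<ip> dst=<ip> dport=<port> proto=<tcp|udp>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>tcp|udp)$"
)


def parse_line(line):
    """Parse one deny record; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "proto": m["proto"],
    }


def detect_scanners(lines, window=timedelta(seconds=60), port_threshold=10, host_threshold=5):
    """Return {source_ip: reason} for sources whose denied connections look like scans.

    Two heuristics are evaluated over a sliding time window per source:
      - vertical scan:   many distinct destination ports on one destination host
      - horizontal scan: one destination port probed on many distinct hosts
    Events spread out beyond the window (a slow trickle) are not counted together.
    """
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    secs = int(window.total_seconds())
    findings = {}
    for src, evs in by_src.items():
        max_ports = (0, None)  # (distinct ports, destination host)
        max_hosts = (0, None)  # (distinct hosts, destination port)
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it is within `window` of the current event.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for e in evs[start:end + 1]:
                ports_per_host[e["dst"]].add(e["dport"])
                hosts_per_port[e["dport"]].add(e["dst"])
            for dst, ports in ports_per_host.items():
                if len(ports) > max_ports[0]:
                    max_ports = (len(ports), dst)
            for port, hosts in hosts_per_port.items():
                if len(hosts) > max_hosts[0]:
                    max_hosts = (len(hosts), port)
        if max_ports[0] >= port_threshold:
            findings[src] = f"vertical scan: {max_ports[0]} distinct ports on {max_ports[1]} within {secs}s"
        elif max_hosts[0] >= host_threshold:
            findings[src] = f"horizontal scan: port {max_hosts[1]} on {max_hosts[0]} hosts within {secs}s"
    return findings


def constructed_log():
    """Constructed sample deny records; addresses and timestamps are invented."""
    base = datetime(2022, 8, 25, 9, 0, 0)
    lines = []
    # Vertical scan: 12 ports on one server within about 20 seconds.
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]):
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} DENY src=10.0.5.23 dst=10.0.1.10 dport={port} proto=tcp")
    # Horizontal scan: port 445 on six hosts within a few seconds.
    for i in range(6):
        ts = (base + timedelta(minutes=5, seconds=i)).isoformat()
        lines.append(f"{ts} DENY src=10.0.5.77 dst=10.0.1.{20 + i} dport=445 proto=tcp")
    # Slow trickle: 10 ports, but one every 3 minutes, so never 10 inside a 60-second window.
    for i in range(10):
        ts = (base + timedelta(minutes=3 * i)).isoformat()
        lines.append(f"{ts} DENY src=10.0.5.40 dst=10.0.1.10 dport={8000 + i} proto=tcp")
    # Ordinary noise: a single blocked SNMP lookup towards a printer.
    lines.append(f"{(base + timedelta(minutes=1)).isoformat()} DENY src=10.0.5.41 dst=10.0.2.5 dport=161 proto=udp")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for src, reason in detect_scanners(constructed_log()).items():
        print(f"{src}: {reason}")
```

The source addresses this reports are the ones to look up in the switch MAC/ARP tables and in Wireshark captures of the denied traffic; the slow-trickle host shows why the window size matters, since widening it to 30 minutes makes that source show up as well.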
Other than this, the hardware firewalls offered by the routers can be used to form a
DMZ network through which the services of only certain servers and printing devices are
offered to the systems of the organization's members. This DMZ or perimeter network can be
set up to implement both Intrusion Detection Systems (IDS) and Intrusion Prevention Systems
(IPS) (Canfora, Pirozzi and Visaggio 2017). An Intrusion Detection System works by
continuously monitoring the network traffic for reconnaissance attempts by unauthorized
users, attempts to access information on other devices without permission, and activities
like sniffing, spoofing and social engineering attacks (Noel and Jajodia 2017). The IDS
generates alerts for the network administrators, and the information provided helps them
take appropriate action on the network threats found and the source of attack identified
(Wang 2017). Intrusion Prevention Systems (IPS) work partly like IDS, but instead of
relaying the information to the network administrators and waiting on