Securing Your Network and Tracking Down the Intruder

August 26th, 2007

After writing down everything I know about the “Dark Game”, this time I'll explain how to break down and track the intruder who plays this game.
I discovered this knowledge by myself, because a long time ago I didn't know of a blog or resource covering this.
Here we will cover a few points for breaking down and tracking down the intruder, such as:

IDS, or Intrusion Detection System (sniffing the net)

Overview :

An IDS, or Intrusion Detection System, is used by system or network administrators to check for anomalous usage on the network, whether against one server or the whole network.
The main job of an IDS is to sniff all packets passing through the network and audit them for anything strange or unusual, or anything matching an intrusion pattern.
It gives a complete report to the system/network administrator about the anomaly and the intruder.

Tools:

Snort: the best-known IDS application is Snort => http://www.snort.org. Snort will cover all you need for this purpose.
Symantec Client Security: a third-party product that costs some extra money. This software package is integrated with the firewall, and I can say it is the perfect one for an individual computer on the net; it does not cover the whole network but is perfect on a single workstation.
HoneyNet: this tool's basic purpose is to sniff the net, but it doesn't have the ability to report an intruder.
Wireshark, a.k.a. Ethereal: same function as HoneyNet, with a much more interesting GUI and many more functions for auditing packets.

Network Traffic

Overview:

From the network traffic we will know whether there is anomalous usage on our network or not. With normal traffic, I think there is only a small possibility that there is an intruder on our network, but if there is an intruder, the network traffic will fluctuate.
Anomalous behaviour will appear if an intruder wants to learn more about our network or our resources.

Tools:

NetLoad
NetStat
Iptraf
Most of these tools are designed for *nix systems, but I'll try to find tools for the win32 environment.
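
The idea in the Network Traffic overview, that normal traffic stays near a baseline and an intruder makes it fluctuate, shown as an added example that is not part of the original post: a Python script that flags per-minute byte counts far from a rolling median baseline. The sample counts, the window of 6 intervals and the 3.5 threshold are constructed assumptions.

```python
from statistics import median

# Constructed sample (not real capture data): bytes received per minute on one
# interface, as could be derived from successive interface counter readings.
SAMPLES = [
    ("10:00", 1_200_000), ("10:01", 1_150_000), ("10:02", 1_300_000),
    ("10:03", 1_250_000), ("10:04", 1_180_000), ("10:05", 1_220_000),
    ("10:06", 1_270_000), ("10:07", 9_800_000),  # sudden burst
    ("10:08", 1_240_000), ("10:09", 1_190_000),
    ("10:10", 40_000),                           # sudden drop
    ("10:11", 1_210_000),
]


def flag_anomalies(samples, window=6, threshold=3.5):
    """Return (label, bytes, score) for intervals far from the rolling baseline.

    Baseline is the median of the last `window` accepted intervals and the
    spread is their median absolute deviation (MAD). Flagged intervals are
    kept out of the baseline so one burst cannot hide the next one.
    """
    history, flagged = [], []
    for label, value in samples:
        if len(history) >= window:
            recent = history[-window:]
            base = median(recent)
            # Floor the MAD at 1 byte to avoid dividing by zero on flat traffic.
            mad = max(median(abs(v - base) for v in recent), 1.0)
            score = 0.6745 * (value - base) / mad  # modified z-score
            if abs(score) > threshold:
                flagged.append((label, value, round(score, 1)))
                continue
        history.append(value)
    return flagged


if __name__ == "__main__":
    for label, value, score in flag_anomalies(SAMPLES):
        kind = "spike" if score > 0 else "drop"
        print(f"{label}  {value:>10} bytes  {kind}  score={score}")
```

A flagged interval only says the traffic left its baseline; the IDS alerts and logs for that minute are where to look for the cause.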

Log Forensics

Overview:

From the logs you'll learn everything in more detail about your box and your network.

Tools:

A log reader or something like that.
I don't have any experience with tools that can make me happy with a bunch of log files, because I love to read them manually.

IPS

Overview :

Intrusion Prevention System: the extended form of an IDS, which makes your job lighter and simpler. This system helps you secure the network and the machine automatically, because it has the abilities of an IDS plus a tough firewall system and some scripts to configure it.

Tools :

I recommend Symantec Client Security for an individual box on the network.
For the network you can use a Snort master and SnortSam + iptables.

Firewall

Overview:

This system's job is to protect your network from intruders, securing your network and your machine and keeping your network safe from DoS (Denial of Service),
filtering which users can access your resources,
and making sure all packets flowing on your network are harmless.

Tools :

Netfilter
Iptables
Ipchains
etc.

I think these few overviews are enough for you to get prepared for the intruder. In the next post I'll try to explain how to break this secure system and arm the network against intruders.
_____
with love, with effort, with knowledge
knowing the best for your best
__illuminator__
Read more at: :: nEvEr gIVeUp :: (http://wafa.web.id/2007/08/27/securing-your-network-and-track-down-the-intruder/)


Author: Gautam