READ QUESTION FIRST!
We shall, for the hypothetical purposes of the workshop/tutorial, consider that a number of ACorp's computers have been accessed by an external group of unknown persons and are to be treated as hazardous to the remainder of the computers on the network. Your client - ACorp - has a large network of desktop and server computers that span a reasonably complex network.
For your client, prepare a couple of paragraphs and references (URLs, documents) for each of the following tasks (these can be high-level business language and/or low-level technical detail):
QUESTION
Logging traffic: Find relevant techniques or recommendations for systems that allow logging of unusual traffic. How can unusual traffic be logged? What tools or software can be deployed?
Unusual traffic is allowed into the system by the IPS (Intrusion Prevention System), and IDS (Intrusion Detection Systems) look for intrusions and symptoms within traffic. IPS/IDS systems monitor for unusual behaviour, abnormal traffic, malicious code and anything that would look like an attempted intrusion by a hacker. Firewalls are also used to allow the unusual traffic into the system. The primary job of a firewall is to protect the company's network from internet threats and to enforce company security policies. The security policy dictates what applications, services, ports and IP addresses are allowed and disallowed via the firewall.
IPS (Intrusion Prevention System) systems are deployed inline and actually take action by blocking the attack, as well as logging the attack and adding the source IP address to the block list for a limited amount of time, or even permanently blocking the address, depending on the defined settings. Hackers carry out lots of port scans and address scans, intending to find loopholes within organizations. IPS systems recognize these types of scans and take actions such as block, drop, quarantine and log traffic. However, this is only the basic functionality of an IPS. IPS systems have many advanced capabilities for sensing and stopping such attacks.
IDS (Intrusion Detection System) systems only detect an intrusion, log the attack and send an alert to the administrator. IDS systems do not slow networks down like an IPS, as they are not inline.
Unusual traffic can be logged through the computers, which run a variety of programs in the background while they are running. This functionality is provided to enhance the productivity and efficiency of a computer, but it is often misused by several programs and by malware, and hence results in a DDoS attack.
The tools which can be deployed are:
1. SolarWinds
2. Zabbix
3. PRTG Network Monitor
4. Nagios
5. Wireshark
6. Spiceworks
7. WhatsUp Gold
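The port-scan behaviour the answer above describes (one source probing many ports on a host, the IPS logging it and putting the source on a block list for a limited time) can be demonstrated over ordinary connection logs. The following is an added example written for this page; it is not code from the answer above or from any of the products listed. The log line format, the thresholds, the block duration and the sample log lines are all constructed assumptions for illustration:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not any real product's format):
#   <ISO-8601 timestamp> <src_ip> -> <dst_ip>:<dst_port> <ACCEPT|DROP>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) (?P<action>ACCEPT|DROP)$"
)

# Constructed sample firewall log: one scanning source, one normal client,
# one slow source that stays below the threshold, and one unparseable line.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.5 -> 10.0.0.20:21 DROP
2024-05-01T10:00:01 203.0.113.5 -> 10.0.0.20:22 ACCEPT
2024-05-01T10:00:02 203.0.113.5 -> 10.0.0.20:23 DROP
2024-05-01T10:00:03 203.0.113.5 -> 10.0.0.20:25 DROP
2024-05-01T10:00:04 203.0.113.5 -> 10.0.0.20:80 ACCEPT
2024-05-01T10:00:05 203.0.113.5 -> 10.0.0.20:443 ACCEPT
2024-05-01T10:00:06 198.51.100.7 -> 10.0.0.20:443 ACCEPT
2024-05-01T10:00:07 198.51.100.7 -> 10.0.0.20:443 ACCEPT
2024-05-01T10:00:08 198.51.100.7 -> 10.0.0.20:443 ACCEPT
2024-05-01T10:00:09 192.0.2.9 -> 10.0.0.20:22 ACCEPT
this line is not in the expected format
2024-05-01T10:30:00 192.0.2.9 -> 10.0.0.20:80 ACCEPT
"""


def parse_line(line):
    """Return a dict for a well-formed line, or None so the caller can skip (and count) junk."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "port": int(m["port"]),
        "action": m["action"],
    }


def detect_port_scans(lines, port_threshold=5, window=timedelta(seconds=60)):
    """Flag (src, dst) pairs where one source touches >= port_threshold distinct
    destination ports within `window`. Returns (alerts, number_of_skipped_lines)."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        events[(rec["src"], rec["dst"])].append((rec["ts"], rec["port"]))

    alerts = []
    for (src, dst), hits in events.items():
        hits.sort()
        start = 0
        # Sliding window over the time-sorted hits, counting distinct ports inside it.
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= port_threshold:
                alerts.append({
                    "src": src, "dst": dst,
                    "ports": sorted(ports),
                    "first_seen": hits[start][0],
                    "last_seen": hits[end][0],
                })
                break  # one alert per (src, dst) pair is enough for this example
    return alerts, skipped


def build_block_list(alerts, block_for=timedelta(minutes=15)):
    """Mimic the IPS behaviour described above: block the source for a limited time.
    The 15-minute duration is an assumed setting."""
    return {a["src"]: a["last_seen"] + block_for for a in alerts}


def format_alert(a):
    """The log record an administrator or SIEM would receive for one detection."""
    return (f"ALERT port_scan src={a['src']} dst={a['dst']} "
            f"distinct_ports={len(a['ports'])} ports={','.join(map(str, a['ports']))} "
            f"window={a['first_seen'].isoformat()}..{a['last_seen'].isoformat()}")


if __name__ == "__main__":
    found, bad = detect_port_scans(SAMPLE_LOG.splitlines())
    for alert in found:
        print(format_alert(alert))
    for src, until in build_block_list(found).items():
        print(f"BLOCK {src} until {until.isoformat()}")
    print(f"skipped {bad} unparseable line(s)")
```

On the constructed sample the scanning source is the only one flagged: the client that repeatedly hits port 443 is ignored because distinct ports, not connection count, drive the rule, and the source that touches two ports half an hour apart stays below the threshold because the hits fall outside the window. The malformed line is counted rather than crashing the run, which matters when real logs are fed in.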