Detection

 
 
By Joshua Weinberger  |  Posted 2004-03-15

Step 3

To detect a breach, there are tools and services ranging from firewalls to intrusion-detection systems to log-analysis programs to managed-service providers. That's the science. But detecting the actions of a motivated, inventive attacker takes human detectives who are just as ingenious and relentless as their opponents.

The best place for a detection plan is a quiet conference room with a big whiteboard and every IT manager in attendance. Make a rough map showing the entire network. List every supplier, partner and customer in the margin. By the end of this exercise, you should know—intimately—how, where and when each of these networks connects and is secured.

To detect attacks, managers also must know what normal behavior looks like. Examine network protocol analyzer captures and log files from applications and servers. Hardware and software probes are useful, but much more expensive to deploy in areas where long-term monitoring of high-volume nets is required.

Products that rely on log data to track user activity are good additions to a detection tool kit. They can quickly reveal what constitutes normal behavior and often just as quickly highlight potential problems.
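As an added illustration (not part of the original article), the sketch below builds a per-user picture of normal login behavior from one log window and flags events in a later window that fall outside it. The log format, field names, function names and the one-hour slack are assumptions made for this example, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (the format is an assumption for this example).
BASELINE_LOG = """\
2004-03-01T09:02:11 user=alice src=10.0.0.5 action=login
2004-03-02T08:55:42 user=alice src=10.0.0.5 action=login
2004-03-01T10:15:03 user=bob src=10.0.0.9 action=login
2004-03-02T17:20:30 user=bob src=10.0.0.9 action=login
"""
NEW_LOG = """\
2004-03-08T09:10:00 user=alice src=10.0.0.5 action=login
2004-03-08T03:14:00 user=alice src=10.0.0.5 action=login
2004-03-08T11:00:00 user=bob src=192.0.2.44 action=login
2004-03-08T12:30:00 user=carol src=10.0.0.7 action=login
this line is malformed
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) action=(\S+)$")

def parse(text):
    """Yield (timestamp, user, src) tuples; skip lines that do not match."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def build_baseline(text):
    """Per user: the source addresses and login hours seen in the window."""
    base = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for ts, user, src in parse(text):
        base[user]["srcs"].add(src)
        base[user]["hours"].add(ts.hour)
    return dict(base)

def find_anomalies(baseline, text, slack=1):
    """Return (user, timestamp, reason) for events outside the baseline."""
    alerts = []
    for ts, user, src in parse(text):
        prof = baseline.get(user)
        if prof is None:
            alerts.append((user, ts.isoformat(), "user not in baseline"))
            continue
        if src not in prof["srcs"]:
            alerts.append((user, ts.isoformat(), "new source " + src))
        if not min(prof["hours"]) - slack <= ts.hour <= max(prof["hours"]) + slack:
            alerts.append((user, ts.isoformat(), "unusual hour"))
    return alerts
```

Calling `find_anomalies(build_baseline(BASELINE_LOG), NEW_LOG)` returns one alert each for the off-hours login, the unfamiliar source address and the account that never appeared in the baseline window.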

Intrusion-detection systems can be programmed to look for a limited range of anomalous behavior to identify attacks. The intent of many of these tools is to probe for weaknesses, and, in the process, they can block access to needed ports on a Web server or can cause applications to break. It almost goes without saying that these tools should not be used on a production network during business hours.

An alternative is to set up a lab that mimics your organization's IT environment. Practice using the intrusion-detection system and fine-tune it so that it sends as few false-positive alerts as possible.



 
 
 
 
Assistant Editor
joshua_weinberger@ziffdavisenterprise.com
After being on staff at The New Yorker for five years, Josh later traveled the world, hitting all seven continents in a single year. At Yale University, he majored in American Studies, English, and Theatre Studies.

 
 
 
 
 
 
 
