Detecting Unknown Devices


Cases in which intruders connect their PCs or notebooks to critical network segments in order to access confidential information being transmitted (such as passwords or financial documents) are not particularly uncommon. Network sniffers installed on such computers enable the hacker to intercept all network traffic circulating between the hosts within the critical segment. The danger of such unauthorized connections is that they give the hacker easy access to user passwords (including the administrator's passwords) transmitted as plain text by most protocols based on the TCP/IP stack. For example, the following protocols have no protection against such an attack: HTTP, FTP, Telnet, POP3, IMAP, and so on. Information transmitted between SQL Server and client applications also completely lacks protection.

Quite often, employees of companies where Internet access is controlled and restricted using various security tools (such as firewalls or content-control systems) connect modems to their computers in order to reach the Internet while bypassing the security mechanisms. Modems are also often used to update various accounting programs or legal information databases. Finally, some users employ modems to access their workstations from home. All this presents a serious threat to most companies, since the computers to which modems are connected are totally unprotected. This means that any intruder who detects such a backdoor entrance can use it for unauthorized access to resources that require protection. In my practice, unfortunately, I have never seen a company in which there was not a modem connected to the Internet in order to bypass the security policy requirements.

Intrusion detection systems allow you to identify the addresses of external hosts within the controlled segments and to detect increased traffic from specific workstations that previously were not involved in such activity. All this can serve as evidence that an intruder has penetrated the corporate network via a modem.
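The two checks described above can be sketched over per-hour flow summaries from a sensor on the controlled segment. This is an added example, not code from the book; the address ranges, baseline figures, thresholds, and flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed: networks whose addresses may legitimately appear on this segment.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.30.0/24", "10.20.0.0/28")]
GROWTH_FACTOR = 5        # assumed: alert when a host sends 5x its baseline
MIN_BYTES = 1_000_000    # assumed: ignore spikes below this absolute volume

# Constructed baseline: typical bytes sent per hour by inventoried workstations.
BASELINE = {"10.20.30.11": 400_000, "10.20.30.12": 350_000, "10.20.30.15": 500_000}

# Constructed one-hour flow summaries: (source IP, destination IP, bytes sent).
FLOWS = [
    ("10.20.30.11", "10.20.30.12", 380_000),
    ("10.20.30.12", "10.20.0.5", 300_000),
    ("10.20.30.15", "10.20.30.11", 2_100_000),
    ("10.20.30.15", "10.20.30.12", 1_900_000),
    ("198.51.100.7", "10.20.30.15", 120_000),   # address from outside the allowed ranges
    ("10.20.30.44", "10.20.30.12", 50_000),     # in range, but not in the inventory
]

def analyze(flows, baseline=BASELINE):
    """Return (alert type, source IP, bytes sent) tuples, ordered by source IP string."""
    sent = defaultdict(int)
    for src, _dst, nbytes in flows:
        sent[src] += nbytes

    alerts = []
    for src, total in sorted(sent.items()):
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in ALLOWED_NETS):
            # External host address seen inside the controlled segment.
            alerts.append(("external-source", src, total))
        elif src not in baseline:
            # Internal-looking address with no inventory record: unknown device.
            alerts.append(("unknown-host", src, total))
        elif total >= MIN_BYTES and total >= GROWTH_FACTOR * baseline[src]:
            # Known workstation sending far more than it previously did.
            alerts.append(("traffic-spike", src, total))
    return alerts

if __name__ == "__main__":
    for kind, src, total in analyze(FLOWS):
        print(f"{kind:16} {src:15} {total} bytes")
```

An alert of any of the three kinds is a lead to follow up on the named host, for instance by checking it for an attached modem or an unregistered network card.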




Protect Your Information with Intrusion Detection
Protect Your Information with Intrusion Detection (Power)
ISBN: 1931769117
EAN: 2147483647
Year: 2001
Pages: 152
