A Five-Step Plan to Help You Stay Ahead of Computer Security Attacks, Risks, and Threats, Part Two
Step No. 2: Follow the Threat to Its Source
When an alert shows up on a security manager's console, it's as if someone set off an alarm, says Morrow, the Chief Security and Privacy Officer for Electronic Data Systems Corp. The security group's first question is obvious: Where is the problem? But finding the answer requires ingenuity. There's no single surefire method for finding a security breach and nailing down its scope.
The task is still more art than science. Event logs generated by firewalls and early warning intrusion-detection/prevention systems give security analysts one route of inquiry. And the demand for tools that help correlate the mass of security data held by the various systems is growing. Security experts advise looking at security information and event management software, which helps security managers detect incidents, for clues that may help identify the source of the attack as well.
Security information and event management software rolls up alerts from firewalls and intrusion-detection/protection systems, along with event data from antivirus products, databases, Web servers and elsewhere. It offers two tracks to get to the source. One is its visualization portion, which looks like a large, continuously scrolling spreadsheet and provides some amount of detail on a network attack, detected virus or other event, including the Internet Protocol address of the affected equipment and device name.
The initial information gives a basic sketch of the problem and where it may exist. Every device connected to a network is identified by an Internet Protocol address, for example, which can guide security personnel to the general areas requiring investigation. However, there are limitations to this line of inquiry; one is a lack of context. What does the IP address mean? Where is it and who is using it?
The other limitation is that an attack may spoof the IP address. Security analysts thus have to dig deeper into the second source, the event logs, which contain more finely grained detail. They'll be looking for Media Access Control addresses, which identify network nodes, to see if a given IP address is correct and valid, Lawson explains. The logs also will provide details on how an attack progressed through a network. By examining the firewalls and routers and operating systems, analysts can piece together how many Media Access Control addresses, Internet Protocol addresses and routers were targeted in a given incident, Lawson says.
Security personnel need information beyond the alert itself. A good security information and event management system will archive logs from different security devices, routers and operating systems. A security information and event management system's data gives the security team direction; after that, they must still physically find the affected system. A configuration management database, which holds information about the components of an organization's information-technology infrastructure, can help. By identifying components and their status, the database helps security managers zero in on the source of trouble, though that doesn't mean all devices are easy to find; a laptop plugged into the corporate network by a temporary worker or other visitor will be elusive. For all the automated sleuthing, a certain percentage of devices will be discovered only by simple hands-on crawling through offices, plugging and unplugging things.
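The MAC-address check and configuration-database lookup described above can be sketched as follows. This is an added example, not part of the original article; the log format, addresses, asset names and the functions `parse_events` and `trace_alert` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log in a made-up key=value format (not any product's real output).
EVENT_LOG = """\
2007-03-01T09:58:12 src=fw01 ip=10.1.4.23 mac=00:16:3e:aa:10:01
2007-03-01T10:01:40 src=rtr02 ip=10.1.4.23 mac=00:16:3E:AA:10:01
2007-03-01T10:02:05 src=fw01 ip=10.1.7.88 mac=00:16:3e:bb:20:02
2007-03-01T10:02:09 src=rtr02 ip=10.1.7.88 mac=02:00:00:cc:30:03
2007-03-01T08:00:00 src=fw01 ip=10.1.9.14 mac=00:16:3e:ee:50:05
2007-03-01T10:03:30 src=fw01 ip=10.1.9.14 mac=02:00:00:dd:40:04
"""

# Constructed configuration-database extract: MAC address -> asset record.
CMDB = {
    "00:16:3e:aa:10:01": {"asset": "hr-ws-114", "owner": "HR"},
    "00:16:3e:bb:20:02": {"asset": "db-srv-07", "owner": "Finance IT"},
    "00:16:3e:ee:50:05": {"asset": "lab-pc-03", "owner": "Engineering"},
}

LINE_RE = re.compile(r"^(\S+) src=(\S+) ip=(\S+) mac=(\S+)")

def parse_events(text):
    """Turn archived log lines into records; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, ip, mac = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "src": src,
                           "ip": ip, "mac": mac.lower()})
    return events

def trace_alert(ip, when, events, cmdb, window=timedelta(minutes=10)):
    """Find which MAC(s) used the alert's IP near the alert time, then ask the CMDB."""
    macs = sorted({e["mac"] for e in events
                   if e["ip"] == ip and abs(e["ts"] - when) <= window})
    assets = [cmdb[m]["asset"] for m in macs if m in cmdb]
    if not macs:
        verdict = "no_log_evidence"
    elif len(macs) > 1:
        verdict = "ip_seen_with_multiple_macs"  # address may be spoofed or reassigned
    elif not assets:
        verdict = "device_not_in_cmdb"          # e.g. a visitor's laptop: find it by hand
    else:
        verdict = "resolved"
    return {"ip": ip, "verdict": verdict, "macs": macs, "assets": assets}

if __name__ == "__main__":
    events = parse_events(EVENT_LOG)
    for ip in ("10.1.4.23", "10.1.7.88", "10.1.9.14"):
        print(trace_alert(ip, datetime(2007, 3, 1, 10, 0), events, CMDB))
```

The time window matters: the third address was held by a known asset two hours earlier, so a lookup that ignored timestamps would point the team at the wrong machine.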
When it comes to detecting an attack, human intelligence must support automated systems in determining the scope and severity of an attack. Security managers say they seek out the affected asset's owner.
Determining the appropriate response means taking the attack's venom into account. Besides wanting to know how many systems are affected and the location of the attack, security personnel also seek to determine the insidiousness of the attack. They will want to know if it is a random exploit or a botnet propagating through the network and reporting information back to somebody or some organization through an IRC [Internet Relay Chat] channel. Something like that is much more impactful.
While corporate security groups chase down incursions when they happen, they've tried to become more proactive, looking for and fixing weak spots before attacks occur with the help of vulnerability management tools. Like intrusion-detection sensors and firewalls, these tools may feed into security information and event management systems and configuration engines. Many organizations scan for vulnerabilities on a regular basis, allowing security personnel to determine which systems are vulnerable to attack and patch accordingly.
Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Your money, your computer, your family, and your business are all at risk.
These cybercriminals leave you with three choices:
1. Do nothing and hope their attacks, risks, and threats don't occur on your computer.
2. Do research and get training to protect yourself, your family, and your business.
3. Get professional help to lock down your system from all their attacks, risks, and threats.
Remember: When you say "No!" to hackers and spyware, everyone wins! When you don't, we all lose!
© MMVII, Etienne A. Gibbs, MSW, The Internet Safety Advocate and Educator
Source: Free Articles from ArticlesFactory.com
Etienne A. Gibbs, Independent Internet Security Advocate and Educator, consults with individuals, small business owners, and home-business entrepreneurs regarding online protection against spyware, viruses, malware, hackers, and other cybercrimes and pc-disabling issues. For more information, visit www.SayNotoHackersandSpyware.com/.