Computers under Attack: IDS Alert - Essay Example

A hacker can exploit it using a remote desktop connection and could send malicious threats or Trojans to gain access to the computer from this port. Removing my PC from the network will help isolate it and stop transferring the threat or virus to other computers on the network. A well define thought and planning is necessary before installing an Intrusion Detection System (IDS) on a network. Besides technical issues and product selection, another serious factor is the resource issues that include manning the sensor feeds, product expenses, and infrastructure support that must also be kept in mind.

After the computer has been isolated the next step would be to detect and remove the threat using the appropriate Intrusion Detection Systems. Updated versions of spyware and Antivirus software will be installed on the PC if the current versions could not detect the threat. If I would be having a Windows operating system then I will at once boot the computer on Safe mode or from a clean floppy or bootable CD before starting the threat detection and cleaning process. Another important thing is to get enough knowledge about the virus or threat we are dealing with.

For this, I would use internet search engines like Google or Yahoo to know about the threat and effective procedures through which we can clean it. Some of the popular and effective antivirus software that are available in the market are AVG Antivirus, McAfee Virus Scan 2007 Professional Edition, and NOD32, etc. I will try to update that PC by installing any one of these IDS. I will also configure the Auto-update option in the antivirus software so that it automatically detects and download new virus signatures.

Other machines that are connected with this one will also be checked for threats as there could be a possibility of infection in those PCs too. Any possible security event like this one will be reported to the assigned security officer. Any activity or breach of security policy is a security incident. A set of rules and procedures should be maintained when dealing with these kinds of security incidences. All the incidents that are mentioned as serious by the security officers will be at once conveyed and reported to all the top-level management and the concerned authorities.

ConclusionBy reviewing the firewall and IDS logs it would give me the real picture of the scenario and will let me know the network activities that brought about this threat. Logs are basically the record of all the network activities going on that PC. (Hoffman, 1990) Logs are maintained by most of the Intrusion Detection Systems and they play a key part in analyzing the loopholes in our Computer Systems. An IDS logs unnecessary traffic but doesn't always block it. To overcome this problem I will install an updated firewall with good logging capabilities.

This is the detailed procedure through which I will recover my PC.