Retrieved from https://studentshare.org/information-technology/1560454-risk-management
Intrusion Detection System

Introduction
It is essential to keep track of every intrusion attempt that a sensitive network may encounter. This is done by keeping a strict check on the configuration, management and monitoring of firewall settings, intrusion detection system (IDS) logs and anti-virus updates. The case study discussed here involves a scenario in which an intruder attacked a computer on TCP port 3389, the default port of the Remote Desktop Protocol (RDP).

Necessary Actions
According to the case study given, the intrusion will drive me to take the following actions. First, I shall tell myself to relax.
Fright only worsens the situation; one thinks better with a composed mind. I shall take a deep breath rather than panic, and then look into how the problem arose and what to do next. I shall isolate the affected computer at once to protect the other computers on the network: unplugging its network cable (or disabling its wireless interface) physically disconnects the victim from the network, which blocks the attacker from gaining further access to it and stops it from being used to infect other computers. I shall disconnect the network rather than power the machine off, so that volatile evidence such as running processes and the attacker's open connections is not lost before it can be examined.
If the host must remain reachable for investigation, I shall move it onto a separate, isolated subnet or VLAN, and if the network router is not capable of creating VLANs, I could use a second router "by using the wan port as the connection" to the original router (Techie, 2009). Once the system is disconnected from both the internet and the local network, I shall deal with the attacked port 3389 itself. Because the intruder came in through port 3389, it is necessary to block it at the firewall and open it only for local functions with the co-computers, that is, to permit inbound connections to 3389 only from the trusted local subnet and drop them from every other address.
I shall look for any important network passwords that may have been saved on the computer; any credential stored there must be treated as compromised and changed. I shall find out whether any sensitive information was saved, such as credit card details, and if so the credit card company has to be notified immediately. I shall ask myself when I first noticed something going wrong that I did not consider important at the time. Other necessary enquiries are whether the installed anti-virus software had been kept up to date or was running with out-of-date virus definitions.
I shall find out whether patches and upgrades had been installed and were operational. It is also important to investigate whether a VPN had been established to protect the network from intrusion, so that remote access such as RDP is reachable only through the VPN rather than exposed directly to the internet, which limits the extent of any breach. I shall make arrangements for the continuity of network operations, such as preparing a redundant system and obtaining data back-ups (State of California, 2009). I shall immediately inform the system administrator and all the concerned authorities associated with the sensitive information saved on the affected computer, such as the credit card company mentioned above.
I shall review the firewall and intrusion detection system (IDS) logs, because the intrusion may have been possible due to a problem with these; the logs should also show when the first connections to port 3389 arrived and from which source addresses. I shall review all routers and DNS servers to make sure that the firewall settings have been applied across the whole network. It is also important to find out whether the firewalls and IDS had been properly configured and implemented, since a misconfiguration may be the reason they could not block the intrusion. I shall scan the firewall from the outside with a vulnerability or port scanner to confirm that it only allows the pre-defined and required services to pass through, and in particular that port 3389 is no longer reachable from untrusted addresses.
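As an added example that is not part of the original essay, the following Python script shows two of the checks described above: it reviews firewall log lines for connections to port 3389 from sources outside the trusted local subnet (the log review step), and it evaluates a simplified firewall rule set to confirm that RDP is accepted only from the local subnet and dropped from everywhere else (the "open it only for local functions" step). The log format, the addresses, and the rule model are assumptions made for illustration; the sample log lines are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample firewall log lines in an iptables/syslog-like style
# (illustrative data, not taken from the original case study).
SAMPLE_LOG = """\
Mar 14 02:11:07 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.168.1.20 PROTO=TCP SPT=51234 DPT=3389 SYN
Mar 14 02:11:08 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.168.1.20 PROTO=TCP SPT=51235 DPT=3389 SYN
Mar 14 02:11:09 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.168.1.20 PROTO=TCP SPT=51236 DPT=3389 SYN
Mar 14 02:12:30 fw kernel: IN=eth1 OUT= SRC=192.168.1.15 DST=192.168.1.20 PROTO=TCP SPT=49200 DPT=3389 SYN
Mar 14 02:13:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.20 PROTO=TCP SPT=40000 DPT=443 SYN
Mar 14 02:14:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.168.1.20 PROTO=TCP SPT=51237 DPT=3389 SYN
"""

# Assumed trusted local subnet; only hosts inside it may reach RDP.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
RDP_PORT = 3389


def parse_line(line):
    """Turn one KEY=VALUE style log line into a dict of its fields."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def is_trusted(ip_text):
    """True if the address lies inside one of the trusted local networks."""
    addr = ipaddress.ip_address(ip_text)
    return any(addr in net for net in TRUSTED_NETS)


def untrusted_rdp_sources(log_text):
    """Count connection attempts to the RDP port from addresses outside the trusted subnet."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(RDP_PORT):
            continue
        src = fields.get("SRC")
        if src and not is_trusted(src):
            hits[src] += 1
    return hits


# Simplified first-match-wins rule model with a default drop (an assumption for
# illustration, not any real firewall's syntax). A rule is
# (action, source network or None for any, destination port or None for any).
WEAK_RULES = [
    ("accept", None, RDP_PORT),  # RDP reachable from anywhere: the exposure that let the attacker in
    ("accept", None, 443),
]

HARDENED_RULES = [
    ("accept", "192.168.1.0/24", RDP_PORT),  # RDP only from the trusted local subnet
    ("accept", None, 443),
]


def evaluate(rules, src_ip, dport):
    """Return the action the rule set takes for a TCP packet from src_ip to dport."""
    addr = ipaddress.ip_address(src_ip)
    for action, net, port in rules:
        if net is not None and addr not in ipaddress.ip_network(net):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "drop"


def verify_rdp_restricted(rules, external_ip="203.0.113.45", internal_ip="192.168.1.15"):
    """The post-change check: external RDP must be dropped while local RDP still works."""
    return (evaluate(rules, external_ip, RDP_PORT) == "drop"
            and evaluate(rules, internal_ip, RDP_PORT) == "accept")


if __name__ == "__main__":
    for src, count in untrusted_rdp_sources(SAMPLE_LOG).most_common():
        print(f"{src}: {count} attempt(s) on port {RDP_PORT} from outside the trusted subnet")
    print("weak rule set restricts RDP:", verify_rdp_restricted(WEAK_RULES))
    print("hardened rule set restricts RDP:", verify_rdp_restricted(HARDENED_RULES))
```

Run against the constructed log, the script reports four attempts from 203.0.113.45 and ignores the local host and the unrelated HTTPS connection; the weak rule set fails the restriction check and the hardened one passes it. On a real network the same review would be run over the actual firewall export, and the rule check would be confirmed with an external port scan rather than a model.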
Summary
Putting everything together, I shall do all I can to make sure that such an intrusion never occurs again, and shall carry out the necessary investigation of the firewall and IDS logs and settings to secure the network against all untrusted sources.

References
State of California. (2009). Computer crime reporting: summary of incident do's and don'ts. The California Highway Patrol. Retrieved from http://www.chp.ca.gov/programs/ccrime-incident.html
Techie, J. (2009). How to isolate computer from others on network. Let's Tech Talk. Retrieved from http://www.tech-forums.net/pc/f44/how-isolate-computer-others-network-206335.html