How to Handle a Security Breach

By -
How to Handle a Security Breach on Your Network
Every Moment there are a number of APT’s (Advanced Persistent Threats) are increasing alarmingly and organisations from all over are under attack . The days when the government and military sectors were under the radar of hacktivists and cybercriminals . Now hackers have started targetting even IT sector organisations , Banking sectors , Energy and the list goes on . Not the Network security Administrators need to be ahead of hackers and alter their mindset from prevention to detection . Now the organisations are targetted with more sophisticated attacks and there is simply no way to prevent the network breach completely .
The networks once compromised may lead to data leakage as well as using the hosts in a botnet . The traditional solutions donot have the ability to prevent the APT ‘s 100% . Therefore penetration testing of the network is of high importance . Here are some steps that one must take immediately once an anomoly in the network is identified .
Identify the Attack :
Whether or not you catch a new infection quickly, or discover that a threat has been harvesting or manipulating data on your network for weeks, months , the first thing you need to do is identify the attack by determining:
  • Which systems, services and devices have been compromised?
  • Who is the target within the organization?
  • Does it stem from a host on your network, or is it coming from outside your perimeter?
  • Information about the command & control servers that were used in the attack (IP addresses, domain names, etc.)
  • The type of attack (e.g. stealing information,DDoS, unauthorized remote access, etc.)
  • The nature of the attack
  • The agenda of the attack
Traffic Log Analysis- to detect attacks as soon as they occur is one of the best remedies at this step .
Quarantine the Damage
For many organizations – particularly large enterprises — taking the network offline after an attack is simply not a feasible option. Each day, numerous employees, customers, partners and vendors depend on the network. What’s more, idling the network could result in major damage to one’s reputation.
However, provided that the identification step (as described above) is done efficiently and thoroughly, there’s likely no need to consider such a drastic reaction. Instead, it makes sense to quarantine only the infected servers, computers and devices. From there, they can be examined, remedied and brought back online.
Disinfect
Once the infection is quarantined, the next step is to disinfect the network.To disinfect you’ll need to compare pre-infection and post-infection backups. Start with the most critical systems first, and then work towards less essential systems from there.
Also keep in mind that as you work your way through this process, that the network breach is a considered crime, and that means you could be wiping away valuable evidence.
You should definitely consult with your organization’s legal counsel to ensure that you have the most up-to-date and accurate advice.
Re-Secure the Network
Before putting any server, computer or device back online, ensure that all compromised or potentially compromised passwords are changed, and that new passwords incorporate best practices for strength and security.
Plus, if the attack was triggered by a spear phishing email or some other vulnerability that involved the unwitting participation of an employee, then you also want to educate all employees on how they must play an active role in maintaining network security going forward.

That’s how you get the network running and prepare for in future attacks . The best practice in this case will be to use a SIEM (Security Incident and Event Management System) .

Comments

Post a Comment

Popular posts from this blog

HACK EMAIL-ID,USERNAME AND PASSWORD OR ANY USER DETAILS BY USING KALI LINUX.

By -
Image
HACK EMAIL-ID,USERNAME AND PASSWORD OR ANY USER DETAILS BY USING  KALI LINUX . Today,i am going to show you how you can get email-id,username and password or any user details you want by using  KALI LINUX . STEPS FOR SETTING UP YOUR SYSTEM. Download Kali Linux from   here . Extract the contents of Kali Linux iso file which you  downloaded in step and copy it to pendrive or instead of pendrive burn the iso file in cd if you want to make a cd of it. After copying all contents to pendrive or burning the iso file in cd,reboot you system,press F8 on boot-time and select boot from pendrive if you have copied all the files in pendrive,else boot from cd-rom if you burn the iso file in cd. After selecting the boot from device,the kali installation window will open,install accordingly as per your requirement. NOTE:During installation,in mount point of selected installation drive,set mount point to  "/" . Remember the username and password while installation as this will
Read more

Port Fail Vulnerability : Critical VPN Vulnerability

By -
Image
Port Fail Vulnerability : Critical VPN Vulnerability How Port Fail Vulnerability Exposes your REAL IP on SKYPE Using Port Fail Vulnerability it’s possible to disclose the real IP of a Skype accounts you’re interested in. There are a bunch of Skype IP resolvers which can give you the VPN IP address and port number of a Skype user using only their Skype login. Then you need to use the same thing a copyright monitoring company would use — send some UDP packets to the whole internet on the exact port. It’s remarkable but Skype will send you a reply for almost any data! The nping utility from  nmap  package suits our needs very well: # nping --udp -p 13318 --data-string 'hellothere!' -c 1 serv.valdikss.org.ru Starting Nping 0.7.00 ( https://nmap.org/nping ) at 2015-12-20 19:54 MSK SENT (0.0157s) UDP 195.154.127.59:53 > 92.42.31.8:13318 ttl=64 id=10802 iplen=39  RCVD (0.0859s) UDP 185.61.149.121:4272 > 195.154.127.59:53 ttl=54 id=1534 iplen=32    Max rtt: N/A | M
Read more