  • #2130482

    Inside Intruders

    Locked

    by scott diorio ·

    I have noticed an inside malicious attack on another computer within my networks. Suggestions on protecting individual machines from attacks? The operating systems are 9x, ME, 2000.

All Comments

    • #3545542

      Inside Intruders

      by maxwell edison ·

      In reply to Inside Intruders

      Greetings,

      On some of my more sensitive “desktop” machines, I’ll use a couple of protection measures.

      Password the BIOS:

      No one will get into that machine. Of course there is a way around it, but it involves opening the computer case and clearing all the BIOS settings by knowing which jumper to set and how to set it. I don’t really think that will happen. And if it does, I’ll immediately know about it (because the BIOS password would be cleared for good).

      Password a screen saver:

      This is especially good for a Windows 9X machine that has no other viable security options. If the screen saver is set to run after 1 minute, for example, the only way to gain access to the machine is to know the password.

      A combination of both of the above.

      Good luck,

      Maxwell

      • #3545541

        Inside Intruders

        by maxwell edison ·

        In reply to Inside Intruders

        Of course, it should go without saying that only the user and you, and perhaps another trusted backup to you, are privy to the passwords.

        Regards,

        Maxwell

      • #3545525

        Inside Intruders

        by scott diorio ·

        In reply to Inside Intruders

        This resolved the physical, behind-the-computer attacker. The problem wasn’t the person physically behind the computer; the person travels through the network resources, either TCP or browsing through Network Neighborhood. Those are the problem attackers.

    • #3545512

      Inside Intruders

      by stillatit ·

      In reply to Inside Intruders

      At some point this problem becomes the same as an employee breaking into another employee’s desk. You should have company policies in place which allow the company to take action against anyone caught doing this. With the policies in place, a periodic general warning to everyone (via email) should deter the casual user.

      Having the policy in place, your problem becomes one of detection, not necessarily prevention.

      If the attack is active, that is, the attacker is probing a machine, capture the attacker’s IP, and trace them back to their originating machine. At that point, depending on your company, what they were actually doing, etc., you can have their supervisor or HR have a chat with them, or start building a case to dismiss them.
      If the attack is passive, such as someone running a packet capture program, you can either isolate traffic by using switches instead of hubs, so that a particular workstation only sees its own plus broadcast traffic, or you can periodically run a program which actively looks for ethernet cards in promiscuous mode on your network. In the latter case, once you can ID the person, proceed as above.

      Good luck.
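
The "capture the attacker's IP and trace them back" step from the reply above, as an added example that is not part of the original thread: it finds internal sources that touched file-sharing ports on several machines and looks each one up in a lease table. The log format, addresses, MACs, host names and the `min_targets` threshold are all assumptions constructed for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample data: the log format, addresses, MACs and host names
# are assumptions made for this example, not values from the thread.
CONN_LOG = """\
2000-01-10 09:14:02 DENY TCP 192.168.1.57:1043 -> 192.168.1.20:139
2000-01-10 09:14:03 DENY TCP 192.168.1.57:1044 -> 192.168.1.21:139
2000-01-10 09:14:03 DENY TCP 192.168.1.57:1045 -> 192.168.1.22:445
2000-01-10 09:14:05 DENY TCP 192.168.1.57:1046 -> 192.168.1.23:139
2000-01-10 09:20:11 ALLOW TCP 192.168.1.31:1201 -> 192.168.1.10:445
2000-01-10 09:21:40 ALLOW TCP 192.168.1.31:1202 -> 192.168.1.10:445
2000-01-10 09:22:00 ALLOW TCP 192.168.1.44:1300 -> 192.168.1.10:80
garbled line that the parser must skip
"""
DHCP_LEASES = {  # source IP -> (MAC address, machine name)
    "192.168.1.57": ("00:10:5a:aa:bb:01", "WS-ACCT-07"),
    "192.168.1.31": ("00:10:5a:aa:bb:02", "WS-SALES-02"),
}
LINE = re.compile(
    r"^\S+ \S+ (?:ALLOW|DENY) (?:TCP|UDP) "
    r"(\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)
SHARE_PORTS = {137, 138, 139, 445}  # NetBIOS/SMB, used by Network Neighborhood

def find_probers(log_text, min_targets=3):
    """Map each source IP to the machines whose file-sharing ports it touched,
    keeping only sources that reached at least min_targets distinct machines."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not connection records
        src, dst, dport = m.groups()
        if int(dport) in SHARE_PORTS:
            targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}

def trace_to_machine(probers, leases):
    """Attach the MAC and machine name from the lease table to each source."""
    rows = []
    for src in sorted(probers):
        mac, host = leases.get(src, ("unknown", "unknown"))
        rows.append((src, mac, host, len(probers[src])))
    return rows

if __name__ == "__main__":
    for row in trace_to_machine(find_probers(CONN_LOG), DHCP_LEASES):
        print("%s  %s  %s  touched %d machines" % row)
```

A workstation that only talks to one file server stays below the threshold, so normal share use is not reported.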

    • #3545504

      Inside Intruders

      by scott diorio ·

      In reply to Inside Intruders

      This question was closed by the author
