Inside Intruders

By Scott DiOrio

I have noticed an inside malicious attack on another computer within my networks. Suggestions on protecting individual machines from attacks? The operating systems are 9x, ME, 2000.

Inside Intruders

by maxwell edison In reply to Inside Intruders

Greetings,

On some of my more sensitive "desktop" machines, I'll use a couple of protection measures.

Password the BIOS:

No one will get into that machine. Of course there is a way around it, but it involves opening the computer case and clearing all the BIOS settings by knowing which jumper to set and how to set it. I don't really think that will happen. And if it does, I'll immediately know about it (because the BIOS password would be cleared for good).

Password a screen saver:

This is especially good for a Windows 9X machine that has no other viable security options. If the screen saver is set to run after 1 minute, for example, the only way to gain access to the machine is to know the password.

A combination of both of the above.

Good luck,

Maxwell

Inside Intruders

by maxwell edison In reply to Inside Intruders

Of course, it should go without saying that only the user and you, and perhaps another trusted backup to you, are privy to the passwords.

Regards,

Maxwell

Inside Intruders

by Scott DiOrio In reply to Inside Intruders

This resolved the physical, behind-the-computer attacker. The problem wasn't the person physically behind the computer; the person travels through the network resources, either TCP or browsing through Network Neighborhood. Those are the problem attackers.

Inside Intruders

by Stillatit In reply to Inside Intruders

At some point this problem becomes the same as an employee breaking into another employee's desk. You should have company policies in place which allow the company to take action against anyone caught doing this. With the policies in place, a periodic general warning to everyone (via email) should deter the casual user.

Having the policy in place, your problem becomes one of detection, not necessarily prevention.

If the attack is active, that is, the attacker is probing a machine, capture the attacker's IP, and trace them back to their originating machine. At that point, depending on your company, what they were actually doing, etc., you can have their supervisor or HR have a chat with them, or start building a case to dismiss them.
If the attack is passive, such as someone running a packet capture program, you can either isolate traffic by using switches instead of hubs, so that a particular workstation only sees its own plus broadcast traffic, or you can periodically run a program which actively looks for ethernet cards in promiscuous mode on your network. In the latter case, once you can ID the person, proceed as above.

Good luck.
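The "capture the attacker's IP and trace it back" step from the reply above, sketched as an added example (not part of the original thread or any poster's code). It flags internal sources that sweep file-sharing ports across many hosts or probe many ports on one host, then maps each IP to a machine. The log format, lease table, host names and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): "time src_ip dst_ip dst_port"
CONN_LOG = """\
09:00:01 10.0.0.23 10.0.0.5 139
09:00:02 10.0.0.23 10.0.0.6 139
09:00:02 10.0.0.23 10.0.0.7 445
09:00:03 10.0.0.23 10.0.0.8 139
09:00:04 10.0.0.41 10.0.0.5 139
09:00:09 10.0.0.57 10.0.0.5 21
09:00:09 10.0.0.57 10.0.0.5 23
09:00:09 10.0.0.57 10.0.0.5 80
09:00:10 10.0.0.57 10.0.0.5 135
09:00:11 not a valid line
"""
# Constructed DHCP lease table (hypothetical values): IP -> (MAC, hostname)
LEASES = {
    "10.0.0.23": ("02:00:00:00:00:23", "WS-ACCT-03"),
    "10.0.0.57": ("02:00:00:00:00:57", "WS-LAB-11"),
}
SHARE_PORTS = {139, 445}  # NetBIOS session / SMB, used by Network Neighborhood

def find_probers(log_text, host_limit=3, port_limit=3):
    share_peers = defaultdict(set)  # src -> hosts contacted on share ports
    ports_hit = defaultdict(set)    # (src, dst) -> distinct ports tried
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed lines instead of crashing
        _, src, dst, port = parts
        ports_hit[(src, dst)].add(int(port))
        if int(port) in SHARE_PORTS:
            share_peers[src].add(dst)
    findings = {}
    for src, peers in share_peers.items():
        if len(peers) >= host_limit:  # assumed threshold; tune per network
            findings.setdefault(src, []).append(f"share sweep of {len(peers)} hosts")
    for (src, dst), ports in ports_hit.items():
        if len(ports) >= port_limit:  # assumed threshold; tune per network
            findings.setdefault(src, []).append(f"{len(ports)} ports probed on {dst}")
    return findings

def trace(findings, leases):
    # IPs with no lease (static or spoofed addresses) are reported as untraced
    return {ip: (leases.get(ip, ("unknown", "untraced")), why) for ip, why in findings.items()}

if __name__ == "__main__":
    for ip, ((mac, host), why) in trace(find_probers(CONN_LOG), LEASES).items():
        print(ip, host, mac, "; ".join(why))
```

File servers and backup hosts legitimately touch many machines on ports 139/445, so known servers should be excluded before anyone acts on a finding.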

Inside Intruders

by Scott DiOrio In reply to Inside Intruders

Poster rated this answer

Inside Intruders

by Scott DiOrio In reply to Inside Intruders

This question was closed by the author
