
#Active #Intrusion #Detection / detect and trace data breaches on your network.


The weakest point of security on a network can often be its users. If a disgruntled employee emails your server passwords to a competitor, there is no firewall or anti-virus that can detect this.

Systems like firewalls and antivirus software stop unauthorised users from accessing your network, but authorised users being careless or malicious with your sensitive data is not something that standard network security would detect or prevent.

What this software does is allow you to define a set of “Red Flags”, which can be either password fragments or other sensitive data, and then listen silently to network traffic until a user tries to send this sensitive data insecurely over the network.

If an insecure transmission of sensitive data is detected, an email is sent immediately to the network administrator, who can take action by resetting the passwords on any compromised systems and track down the source of the leak via the user’s computer name and IP address.

Although this system does not prevent the transmission of sensitive data over the network, it does detect when such transmission has occurred, and allows prompt action to limit the damage caused by such a leak.

Want to learn more? Head on over to https://www.activeintrusiondetection.info and install the software. It’s free, so please spread the word.

A recently released software package named “Active Intrusion Detection”, or “AID” for short, has been developed by an Irish software development company named Infinite Loop; it aims to address this significant security hole in modern data networks.

Understanding Red Flags
The concept behind the Active Intrusion Detection system is the idea of “Red Flags”. These are network-administrator-defined pieces of text whose appearance in traffic indicates that a data breach has occurred. A sample “Red Flag” could be a password fragment for your production servers. It would be a network admin’s worst nightmare to discover that a junior developer in the company had posted the production server’s administrator password onto a public forum. Even if there was no malicious intent, the security risk would be considerable.
The “Red Flag” itself should be long enough that it would not randomly occur in a stream of unrelated network traffic, such as within video or audio data, but at the same time it should not be so complete that the flag becomes an attack vector in and of itself. So a long fragment of the secret, rather than the whole secret, would be ideal.
Other possible triggers could include the password of a “dummy” user in a database. This particular user would not normally be accessible to regular users of the system, so if its password were detected in network traffic, it would be an indication that a hacker or careless employee was creating an insecure dump of the user database.
Installation
At present the software is available for 64-bit Windows, with Linux and Mac OS versions in the pipeline. It can be downloaded for free from https://www.activeintrusiondetection.info/ and installs as a Windows Service on the local machine. Once installed, the website will detect the local installation and allow the administrator to define configuration settings such as the network adaptor to monitor and the “Red Flags”, the snippets of sensitive data that would indicate an imminent data breach.

After downloading the ZIP file from the download link on the website, you will find a readme file, the WinPcap driver installation executable, and the Active Intrusion Detection Monitor installation file contained within the ZIP.

The core functionality of the monitoring software is provided by WinPcap, a network packet capture driver also used by packages such as Wireshark, a popular network packet sniffing tool. This driver should be installed prior to the installation of the Windows service. You can install it using the bundled WinPcap installer, or download the latest version from https://www.winpcap.org
After WinPcap is installed, the Active Intrusion Detection software can be installed by running the MSI or setup.exe and following the on-screen instructions. Once installation completes, a new Windows service named "Active Intrusion Detection" will be present on the local system and begin running. On first run it awaits configuration via the website https://www.activeintrusiondetection.info/. Visit that website from the same PC on which you installed the Windows service; the website should detect the local installation and ask you to configure the service. Press the Configure button to continue.
Fill out the form: enter an email address and a password, select the network adaptor connected to the Internet, and add a Red Flag (a piece of text that represents some sensitive data that you don’t want sent insecurely). Then press Save.
Within 30 seconds the Windows service should detect the change and begin monitoring your network, and the service should transition from the “Starting” to the “Running” state.

Limitations and caveats
Active Intrusion Detection does not prevent or block a hacker or careless employee from sharing company secrets with the outside world, but it can notify network admins so that they can act swiftly to reset passwords or otherwise nullify the effect of the breach. If the leaked data is sent via secure means, such as over a VPN or HTTPS, the network monitor will not detect the breach. It is therefore most effective against accidental data leaks by careless employees, rather than against hackers who are aware of all the security systems employed within a network.
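To make the “Red Flag” idea from the section above and the limitation just described concrete, here is an added example in Python. It is not the product’s code and does not use WinPcap; it parses constructed Ethernet/IPv4/TCP frames, searches each TCP payload for red-flag fragments, and reports the sender’s IP address. The red-flag values, IP addresses and payloads are all constructed test data. It also shows why a flag must be long (a two-byte flag matches random data frequently, a fifteen-byte one does not) and why encrypted traffic is invisible to the monitor (a seeded XOR keystream stands in for TLS; it is not real encryption).

```python
"""Red-flag scanner over raw IPv4/TCP frames (standard library only).

Added illustration, not the Active Intrusion Detection product's code.
All red flags, addresses and payloads below are constructed test data.
"""
import random
import struct
from typing import Dict, List, Optional, Tuple

# Constructed red flags (hypothetical values). A fragment of the real secret
# is listed rather than the whole secret, so the flag list is not itself a copy of it.
RED_FLAGS: Dict[str, bytes] = {
    "prod-admin-password-fragment": b"Tq9#vLm2!xRp7Wz",
    "honeytoken-dummy-db-user": b"svc_canary:Hx4pQe8ZnB2c",
}


def _ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_frame(src_ip: str, dst_ip: str, payload: bytes) -> bytes:
    """Wrap `payload` in minimal Ethernet + IPv4 + TCP headers (constructed test frames)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # MACs zeroed, EtherType = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     _ip_bytes(src_ip), _ip_bytes(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", 50000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def tcp_payload(frame: bytes) -> Optional[Tuple[str, str, bytes]]:
    """Return (src_ip, dst_ip, payload) for an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    tcp_start = 14 + ihl
    data_off = (frame[tcp_start + 12] >> 4) * 4
    return src, dst, frame[tcp_start + data_off: 14 + total_len]


def scan_frames(frames: List[bytes], red_flags: Dict[str, bytes] = RED_FLAGS) -> List[Dict[str, str]]:
    """One alert per (frame, red flag) hit, carrying what an admin needs to trace the sender."""
    alerts = []
    for frame in frames:
        parsed = tcp_payload(frame)
        if parsed is None:
            continue
        src, dst, payload = parsed
        for label, flag in red_flags.items():
            if flag in payload:
                alerts.append({"flag": label, "src": src, "dst": dst})
    return alerts


def toy_encrypt(data: bytes, seed: int) -> bytes:
    """Stand-in for TLS: XOR with a seeded keystream. Only shows that ciphertext hides the flag."""
    rng = random.Random(seed)
    return bytes(b ^ rng.getrandbits(8) for b in data)


def random_hits(flag: bytes, trials: int, size: int = 1500, seed: int = 7) -> int:
    """Count how often `flag` appears by chance in `trials` random payloads (audio/video stand-in)."""
    rng = random.Random(seed)
    return sum(flag in rng.getrandbits(8 * size).to_bytes(size, "big") for _ in range(trials))


def demo() -> List[Dict[str, str]]:
    """Three constructed frames: plaintext post, a database dump, and the post 'encrypted'."""
    post = (b"POST /forum/reply HTTP/1.1\r\nHost: example.net\r\n\r\n"
            b"body=the admin password is Tq9#vLm2!xRp7WzK3 just use that")
    dump = b"INSERT INTO users VALUES ('svc_canary:Hx4pQe8ZnB2c', 'dummy');"
    frames = [
        build_frame("10.0.0.23", "203.0.113.10", post),                   # plaintext: detected
        build_frame("10.0.0.45", "198.51.100.7", dump),                   # honeytoken: detected
        build_frame("10.0.0.23", "203.0.113.10", toy_encrypt(post, 42)),  # "HTTPS": invisible
    ]
    return scan_frames(frames)


if __name__ == "__main__":
    for alert in demo():
        print(f"RED FLAG {alert['flag']}: {alert['src']} -> {alert['dst']}")
    print("2-byte flag random hits:", random_hits(b"ab", 2000))
    print("15-byte flag random hits:", random_hits(RED_FLAGS["prod-admin-password-fragment"], 2000))
```

Running `demo()` yields two alerts, one for the plaintext forum post and one for the honeytoken credential in the database dump, and none for the encrypted copy of the same post. The `random_hits` comparison is the reason the article asks for long flags: a two-byte flag turns up dozens of times in two thousand random 1500-byte payloads, while the fifteen-byte fragment never does.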
