After i write down all my knowledges bout the “Dark Game”, this time i’ll explain how to break down and tracking the Intruder who play this Game.
This knowledges, i discover by my self, coz a long time ago i didn’t know about a blog or resource which covering this action.
in this action we will cover a few point to break down and track down the intruder, such as:
- IDS or Intrussion Detection System (sniffing the net)
- Overview :
- IDS or known as Intrussion Detection System, used by system or network administrator to check all anomaly usage on the network, to a server or the whole network
- The main action of an IDS is sniffing all packet through the network, and auditing all the packet, is there something strange or unusual or matching with intrussion pattern
- Give a complete report to system/network administrator ’bout the anomaly and the intruder
- SNORT, the most known IDS application is Snort => http://www.snort.org , snort will cover all u need for this purpose
- Symantect Client Security, for third party which need some extra money to get is Symantect Client Security, but this packet software is intregated with the firewall and i can say this is the perfect one for an individual computer on the net, not covering all the network but perfect on single workstation
- HoneyNet, this tools has basic purpose to sniff the net but don’t have ability to report an intruder.
- WireShark a.k.a Ethereal same function with HoneyNet with much interesting GUI and much more Function to auditing packet
- from the network traffic we will know is there an anomaly usage @ our network or not, coz with the normal traffic, i think there is a small possibilities there will be an intruder @ our network, but if there is an intruder @ our network the network traffic will fluctuated.
- an anomaly behaviour will be there if intruder want to know more about our network or our resource
- most the tools is designed for nix system, but i’ll try to find the tools for win32 environment
- from log you’ll know everything more detail bout your box and your network
- log reader or something like that
- i don’t have any experience bout tools which can make me happy with a bunch of log file, coz i love to read it manually
- Overview :
- Intrussion Prevention System, the extended system of IDS, which make your jobs more lighter, more simple, this system will help you securing the network and the machine automatically. coz this system have the ability of an IDS + Tough Firewall system and some script to configure it.
- i recommend u symantec client security for individual box on the network.
- for the network u can use the Snort master and an snortsam + iptables
- this system ability is to protect ur network from intruders, securing your network and your machine, keep your network safe from DoS (Denial of Service)
- filtering user for accessing your resource
- and make sure all packet flow on your network is harmless
I think this few overview is enough for you to get prepare from the intruder, next post i’ll try to explain how to break this secure system and armed the network from intruders.
with loves, with efforts, with knowledges
knowing the best for ur best