IT Answers » Intrusion management

How to scan intrusions of other connected users IP addresses by SAX (NIDS)

SivS — Fri, 28 May 2010 07:09:17 +0000

How to scan intrusions of other connected users IP addresses by SAX (NIDS) after installing and running the same on my personal workstation which is in Intranet of my organization?
Please suggest how to check these users IPs by my machine SAX?
It connects via my LAN card, so how would this be functioning the scanning to other machines?

How to prevent viruses without an anti-virus?

ChoosenKing — Tue, 21 Oct 2008 14:18:26 +0000

Anti-virus does not always detect a virus especially the newer ones. Mostly Anti-Viruses bypass only this files. If something other than disabling the autoplay option might help, like preventing the injecting of files or restricting file insertion in the windows system folders and restricting installation for all types of executables, like .bat / .com / .exe and .cmd.

system security

Supercosmic — Sat, 18 Oct 2008 04:44:10 +0000

is there any solution to scan all the traffic through a specific port.
we deploy symantec antivirus corp 10.0 but still vulnerabilities creeping through the network nodes. and we are unable to prevent autorun scripts through flash disks

I am using windows 2000 server. I have change my child domain password has been changed autometically,My administrator is unable to resetted the p/w?

Vijay40088 — Sat, 23 Aug 2008 08:21:18 +0000

I am using windows2000 server with DNS,DHCP. I have child domain password. on 13th of August I have changed my child domain password.But nextday I asked my administrator ” We are not getting child domain password, but din’t changed password or he is unable to resetted password remotly.please suggest me :
If we traced out the such kind of incident which our IT parent domain child domain or anybody done or accidentally create security vulnerabilities and disgruntled. find out such root cause or find the right balance between security and usability.

Inter-office email security

Scarpochie — Fri, 11 Apr 2008 15:52:18 +0000

Has anyone heard of or used a solution that can prevent the forwarding or sending of internal emails that contain sensitive info or PI in an Exchange environment? It would seem it would have to happen at the point of creation. Is encryption the answer, although keys could be forwarded just as easily?

Thanks.

Recommendations for hosted intrusion detection and prevention system vendor?

Billpoly — Mon, 08 Oct 2007 05:27:14 +0000

Hello,

I am looking for a 100% outsourced (hosted, managed, etc.) intrusion detection and prevention system vendor for use in the payment card industry. They should be able to demonstrate recognition of and compliance with PCI security parameters. Does anyone have any qualified recommendations based on experience with particular vendors? If you have contact information for a particular vendor that you could share, that would be even better.

Also, does anyone have any guidelines against which to evaluate an intrusion detection and prevention system vendor – either for a hosted or in-house system?

Best regards,
Bill

Unknown Threats

Czarleo — Sat, 28 Jul 2007 14:24:28 +0000

Apart from honeypots, what are the different methods to find unknown threats which are prevalent? and how to find methods to mitigate them.

PS: all the vulnerabilities are known to all the n/w administrators and then can take measures to mitigate attacks but this doesnt happen..Hackers are at least 10 steps ahead..So how to find methods to find such unknown threats??

Paranoid about protecting my MAC address–Please read my story

DonBlake — Tue, 24 Jul 2007 14:28:29 +0000

What is the easiest way to protect your MAC address against spoofing? In 2004 I was the victim of a hacker that somehow spoofed my Cable Modem Mac address and used it to cover his identity while serving copyright material thru the internet. I was unsuspecting until my ISP one day suspended my service. I thought it was a normal outage but when I called my ISP I was transfered to their Security Dept. who said they would be sending papers explaining the situation. Some days latter I received an envelope from the Security Department of my ISP detailing the films that this hacker was serving thru the internet using my IP number and MAC address and warning me to desist.

This experience was really scary and frustrating because my only defense was that the times the hacker was logging with my identity I was at my workplace away from my home computer which was the one connected to the spoofed Cable Modem but still not a strong enough defense.

After arguing with the Security Dept. and not getting anybody to sympathize with me, even though I was only getting a warning I decided I couldn’t use the high speed internet (the only choice in my area) and make myself a victim of the hacker so I wrote a letter detailing my ordeal to the Security Dept. naming the people I have talked to and detailing my story and how I was being forced out of their high speed internet service because of another person impersonating me thru my MAC and IP address. I closed my account and had to get back to dial up service.

After a year I got brave enough to reopen my account but this time I rented a modem from the ISP so I didn’t loose my money if somebody spoofed my equipment again. I have been almost three years and the experience hasn’t been repeated. Now I have installed a wireless network at my home in order to connect my daughter’s computer to the internet. I’ve been reading about how to secure it but my previous experience has got me a bit paranoid, specially with the higher vulnerability of Wireless networks.

What would be the best way to protect my MAC address against spoofing? If a person could do it when it was only one wired computer connected with a cable to the Cable Modem how easier it might be now that I have a wireless network? My brother in law says not to worry, that a bolt of lightning doesn’t falls twice on the same spot but I can’t help to feel very paranoid.

windows password question

Minxcomp1 — Tue, 17 Jul 2007 00:09:16 +0000

I recently purchased a computer from a “going out of business” sale for my fathers business and when I try to logon to Windows I get the logon screen with domain. I have a valid username and password but obviously i am not connected to a domain. I need to bypass this if possible. The safe mode trick that I see all over did not work. Please help as our business is suffering!!!

Selecting an area within security to start

Secmax — Sun, 24 Jun 2007 16:06:15 +0000

Hi,
I’m studying for an MSc in Information Security from Royal Holloway University of London, I have a B.Engg. degree in computers and a PG Diploma in Networking and Communication as well as the CCSA and CCNA. I’m also studying for the CISSP.

Now, with all these qualifications, could you please tell me which would be the best position for me to apply for in order to get a start, and if I try that position what would my options be when I gain some experience.

Thank you!!