Security Corner

Jul 31 2013   12:40AM GMT

Three ways to deal with an attack on your network

Ken Harthun

The way I see it, you have three choices when it comes to dealing with an attack on your network:

  • Confront it. Be proactive. Go after the attackers and fight back. Bullies and cowards – which comprise most of the script kiddie population – will turn tail and run if you let them know you’re going to fight back. Even the few organized criminal elements, unless they have some political agenda and can use you to forward it, will give up easily in the face of a determined counter attack.
  • Neglect it. Let them play around and waste their time as long as they aren’t doing any real damage. Just make sure that they can’t get beyond your sandbox or firewall. Sooner or later, having not obtained anything of value, they’ll give up.
  • Turn in your resignation and run screaming out the door because you failed to put adequate security measures in place. Don’t laugh: It has happened.

By far, the best approach is to confront the threat and engage in an active counter strike. This can be done by immediately implementing logging of all attack traffic and engaging law enforcement to help trace the attack back to its source. The bad guys want to remain anonymous: Do everything you can to make them visible.

Do you agree, or disagree? Comments, please.

2  Comments on this Post

  • Michael Tidmarsh
    Does one of the ways come with Chuck Norris attached to it? That would easily put an end to the attack!
  • TomLiotta
    "Turn in your resignation and run screaming out the door because you failed to put adequate security measures in place. Don’t laugh: It has happened."

    Although I went laughing out the door, I pretty much took that option.

    My manager overrode a decision that I'd made about a vendor's install procedure. I followed the manager's directive; and I turned in my resignation a couple days later after thinking it over, pointing out that I could no longer hold the responsibility as security officer.

    I turned in my 30-day resignation notice on Thursday or Friday; can't recall exactly. When I arrived next Monday morning, the manager immediately had me working on a problem that arose over the weekend and that was blocking all of our remote sites from connecting. I dug through history and audit logs and found that the vendor had been doing some weekend work. They had made some basic access configuration changes (using authorities granted to them by their install procedure) to make it easier for their Support group to get in to our systems.

    Of course, changes for their convenience conflicted with procedures that were in place for our remote sites. I gathered the reports that I generated that showed the sequence of events and handed them to the manager. I told him it was his problem to fix since I was told to allow it by him.

    I have no idea what he did to get it resolved, except that our sites had access later in the day. I'm pretty sure that the convenience changes were undone in a hurry after the vendor was contacted.

    Tom