Friday, June 27, 2014

This Site Shows Who Is Hacking Whom Right Now — And The US Is Getting Hammered


ricky l
With current Network and IT technologies, I thought mapping a likely cyberattack into a graphic interface - from source to destination plus what type of attack - is not too difficult a thing to do.

In fact, artificial intelligence such as an expert system to recommend countermeasures to block, prevent, mitigate or rectify a cyberattack can also be developed.

For eg. valid IT transactions are what is expected - based on what they are programmed to do. The moment the supposedly valid transactions or "out-of-the-norm" actions are done to access a host, a website, a server or a network device - then it is deemed to be a cyberattack, and when this happens the source devices that attempt to do these "abnormal access activities", and in particular abnormal repeated access, should be raised as an alarm and appear on the graphic interface of the suspected cyberattack monitoring system.

Examples of authorised, normal and valid IT transactions are :-
(1) Web access - to do normal public web or intranet web browsing, posting, valid online form completion etc.
(2) Application access - normal application transaction based on what IT programs are written to do - eg. accepting inputs from web-services, update database etc.
(3) Database access - normal database access by application program as programmed.

Examples of unauthorised, abnormal, invalid IT transactions are :-
(1) ping sweep - to detect and learn IP address of all the network devices, servers, virtual machines and servers etc.
(2) tcp sweep - to detect tcp ports for access to tcp applications
(3) udp sweep - to detect udp ports for access to udp applications
(4) many unauthorised accesses - like attempts to access directory services, access the database bypassing the application program, keylogging of userid & passwords, sniffing and capturing system data, snmp data, logging data, rmon mibs, snmp mibs, access files and folders, access system folders, files, registry etc

There are many security products, software and systems out there that can detect many abnormal IT or network activities - when they are properly correlated, with security analysis, forensics etc. performed - they will be able to provide a good estimate that a cyberattack has taken place - and this can be sent to the graphic interface of the suspected cyberattack monitoring system.

Examples of security products, software and systems that can prevent or detect suspected cyberattacks are :-
(1) firewalls
(2) IPS or IDS - i.e. Intrusion Prevention System, Intrusion Detection System - network or host
(3) SIEM - Security Intrusion Enterprise Management System
(4) Anti-virus software - to detect, quarantine or clean virus, worms, spyware, malware etc.
(5) Data diode
(6) IPsec VPN, SSL VPN
(7) Central Logger - to consolidate all system, server, network logs
etc.
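The "abnormal repeated access" idea in the comment above (ping sweep, tcp sweep, udp sweep raised as an alarm with source, destination and attack type) can be turned into a small detector. The following is an added example, not code from the article or the commenter; the log line format, the thresholds and the IP addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of connection-log lines (not from any real system):
# "<time> src=<ip> dst=<ip> proto=<icmp|tcp|udp> dport=<port>"
SAMPLE_LOG = """\
10:00:01 src=10.0.0.5 dst=10.0.1.1 proto=icmp dport=0
10:00:01 src=10.0.0.5 dst=10.0.1.2 proto=icmp dport=0
10:00:02 src=10.0.0.5 dst=10.0.1.3 proto=icmp dport=0
10:00:02 src=10.0.0.5 dst=10.0.1.4 proto=icmp dport=0
10:00:10 src=10.0.0.7 dst=10.0.1.20 proto=tcp dport=21
10:00:10 src=10.0.0.7 dst=10.0.1.20 proto=tcp dport=22
10:00:10 src=10.0.0.7 dst=10.0.1.20 proto=tcp dport=23
10:00:11 src=10.0.0.7 dst=10.0.1.20 proto=tcp dport=25
10:00:20 src=10.0.0.9 dst=10.0.1.20 proto=tcp dport=443
10:00:21 src=10.0.0.9 dst=10.0.1.20 proto=tcp dport=443
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+)")

def detect_sweeps(log_text, host_threshold=4, port_threshold=4):
    """Return (source, target, attack_type) alarms for the graphic interface.
    Thresholds are hypothetical: >= host_threshold distinct hosts pinged by one
    source is a ping sweep; >= port_threshold distinct ports on one host is a sweep."""
    icmp_targets = defaultdict(set)      # src -> {dst}
    port_targets = defaultdict(set)      # (src, dst, proto) -> {dport}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                     # skip lines that do not match the expected format
        src, dst, proto, dport = m.groups()
        if proto == "icmp":
            icmp_targets[src].add(dst)
        elif proto in ("tcp", "udp"):
            port_targets[(src, dst, proto)].add(int(dport))
    alarms = []
    for src, hosts in icmp_targets.items():
        if len(hosts) >= host_threshold:
            alarms.append((src, f"{len(hosts)} hosts", "ping sweep"))
    for (src, dst, proto), ports in port_targets.items():
        if len(ports) >= port_threshold:
            alarms.append((src, dst, f"{proto} sweep"))
    return alarms

if __name__ == "__main__":
    for src, target, kind in detect_sweeps(SAMPLE_LOG):
        print(f"ALARM {kind}: {src} -> {target}")
```

The repeated normal access from 10.0.0.9 to a single port produces no alarm, which is the "valid transaction" case the comment contrasts with sweeps.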
ricky l
In addition, the following are already possible :-

(1) Network Management System - can already make use of SNMP MIBs v3, v2c, v2, v1 and RMON MIBs or ICMP discovery - to display the health, availability, performance etc of all network devices, servers, Virtual Machines.

(2) Application Management System - can already monitor the health, availability, performance etc of most if not all Web services, Application services, Application Program, Databases etc - using the respective applications templates and platform or TCP, UDP discovery.

(3) Security Monitoring System - based on all the system logs, security logs, access logs etc collected from all devices, security probes etc - to do detection, analysis, forensics etc

Thus developing a Cyberattack Monitoring and Alert System is not too difficult a task to do.

Moreover, everything happening on the Internet is based on TCP/IP - whether IPv4 or IPv6 - using standard protocols and internet services like mac address, ip, snmp, dns, dhcp, telnet, ssh, ssl, ipsec vpn, html, xml, tcp, udp etc - which are traceable from end to end - i.e. from source to destination and from destination to source.

ricky l
In other words, what we need is a :-

"Internet Monitoring System" !!!
ricky l
In addition, we also need a :-

"Internet Security Monitoring and Management System" !!!

ricky l
Ah, and we also need a :-

"Cyberattack Monitoring, Management, Detection, Prevention and Rectification System"