How to detect computer network intrusion

Muthoga Kioni

We are usually alert to any strange activity in our bodies. Anything out of the ordinary, a high fever or a persistent pain, signals the presence of pathogens, and those pathogens are obviously unauthorised and unwelcome.

Staying alert to unauthorised computer network activity similarly requires identifying behaviour that is out of the ordinary, and the most practical way to do that is to monitor how network users normally behave.

There are various contexts in which the observation of user behaviour is vital. During these hard economic times, when drought and the global credit crunch have threatened the survival of many companies, we have witnessed mass layoffs. ICT departments are often left with numerous network accounts that have to be disabled.

Abnormal activity

This sudden workload stretches the department, and invariably some accounts are never deactivated. Each such orphaned account exposes the affected company to the risk of unauthorised access.

Of course this is not the only risk to network security. Most network breaches are internal: the insider threat resides with a current employee or with a service provider's employee. Both the use of accounts that belong to former employees and the insider threat can be detected by tracking network activity.

To track abnormal network activity, you begin by analysing and mapping the normal day to day activities: who accesses which servers and when, when data transfer peaks, who is authorised to access the network from outside, which network services and applications are used and when, and how removable storage devices are used. These parameters have to be observed and documented on a regular basis in order to build an accurate profile of what is normal for a particular network; a profile that is never refreshed will soon flag ordinary changes in working patterns as anomalies.

Detecting abnormalities

Any deviation from this normal profile then lets network administrators identify breaches as they happen, rather than after the fact.

For instance, a computer programmer in a multinational company downloaded sensitive client data from the main database with the intention of selling it to Internet data brokers. The theft was detected while it was taking place, not after the breach, because IT staff were alerted to a surge of data leaving the servers that did not match the network's normal activity profile.
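The procedure described above, building a profile of normal activity and then flagging what falls outside it, is shown below as an added worked example; it is not code from the column or from any product. The log format (timestamp, user, server, bytes sent out), the user and server names, the three-sigma rule with a floor on the standard deviation, and every log record are assumptions constructed here for illustration. The baseline captures, per user, the servers used, the hours of the day seen and the daily outbound volume; the detector then raises alerts for a disabled (former employee's) account being used, an unknown user, a server the user never touched before, activity at an unusual hour, and a surge in outbound data of the kind that caught the programmer in the story.

```python
"""Behavioural baselining and anomaly detection over server access logs.

Added example, not code from the original column. The log format
(timestamp user server bytes_out), the user and server names, the
thresholds and every sample record are constructed here for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    when: datetime
    user: str
    server: str
    bytes_out: int


@dataclass(frozen=True)
class Alert:
    kind: str    # disabled_account, unknown_user, new_server, unusual_hour, volume_surge
    user: str
    detail: str


def parse(lines):
    """Parse constructed 'timestamp user server bytes_out' lines, skipping comments and blanks."""
    events = []
    for line in lines.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ts, user, server, nbytes = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, server, int(nbytes)))
    return events


class Baseline:
    """Per-user profile: which servers, which hours of the day, how much data per day."""

    def __init__(self, events):
        self.servers = defaultdict(set)
        self.hours = defaultdict(set)
        daily = defaultdict(lambda: defaultdict(int))   # user -> date -> bytes out
        for e in events:
            self.servers[e.user].add(e.server)
            self.hours[e.user].add(e.when.hour)
            daily[e.user][e.when.date()] += e.bytes_out
        self.daily_mean = {u: mean(list(d.values())) for u, d in daily.items()}
        self.daily_std = {u: pstdev(list(d.values())) for u, d in daily.items()}


def detect(baseline, events, disabled_users=frozenset(), sigma=3.0):
    """Flag activity outside the profile. The sigma rule and the 10 % floor on the
    standard deviation (so a perfectly flat baseline cannot yield a zero threshold)
    are choices made for this example, not industry constants."""
    alerts = []
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        where = f"{e.server} at {e.when.isoformat()}"
        if e.user in disabled_users:               # former employee's account in use
            alerts.append(Alert("disabled_account", e.user, where))
        if e.user not in baseline.servers:         # nobody by that name in the profile
            alerts.append(Alert("unknown_user", e.user, where))
            continue
        if e.server not in baseline.servers[e.user]:
            alerts.append(Alert("new_server", e.user, where))
        if e.when.hour not in baseline.hours[e.user]:
            alerts.append(Alert("unusual_hour", e.user, where))
        daily[e.user][e.when.date()] += e.bytes_out
    for user, per_day in daily.items():            # the "surge of data leaving the servers"
        mu, sd = baseline.daily_mean[user], baseline.daily_std[user]
        threshold = mu + sigma * max(sd, 0.1 * mu)
        for day, volume in per_day.items():
            if volume > threshold:
                alerts.append(Alert("volume_surge", user,
                                    f"{volume} bytes on {day}, threshold {threshold:.0f}"))
    return alerts


# Constructed baseline: three ordinary working days for alice and bob, one for carol.
BASELINE_LOG = """
2024-03-04T09:05:00 alice db01    120000
2024-03-04T14:20:00 alice db01     90000
2024-03-04T10:00:00 bob   files01  40000
2024-03-05T09:15:00 alice db01    110000
2024-03-05T15:45:00 alice db01    100000
2024-03-05T11:30:00 bob   files01  35000
2024-03-06T09:40:00 alice db01    130000
2024-03-06T13:10:00 alice db01     70000
2024-03-06T10:20:00 bob   files01  45000
2024-03-07T08:55:00 carol db01     50000
"""

# Constructed day under observation; carol has since left and her account was disabled.
DAY_LOG = """
2024-03-11T09:10:00 alice   db01    115000   # ordinary
2024-03-11T02:30:00 bob     db01    900000   # 02:30, a server bob never used, huge volume
2024-03-11T10:05:00 bob     files01  38000   # ordinary
2024-03-11T08:30:00 carol   db01     20000   # disabled account still being used
2024-03-11T12:00:00 mallory files01   1000   # account that never appeared before
"""


def run_example():
    baseline = Baseline(parse(BASELINE_LOG))
    return detect(baseline, parse(DAY_LOG), disabled_users={"carol"})


if __name__ == "__main__":
    for a in run_example():
        print(f"{a.kind:17} {a.user:8} {a.detail}")
```

Run as is, it prints five alerts: three for bob (new server, unusual hour, volume surge), one for carol's disabled account, one for the unknown account mallory, and nothing for alice, whose day fits her profile. In a real deployment the baseline would be rebuilt from a rolling window of logs, the disabled list would come from the directory service, and the surge threshold would be tuned per server rather than applied as one rule.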

Establishing the body's normal profile and then noticing departures from it is what alerts us to the presence of pathogens. The same principle applies to network security.

The writer is an ICT Security and Forensic Specialist. Email: [email protected]
