How to prevent internal intruder

belim asked
Last Modified: 2013-12-04
I am a network administrator in one of the companies in Malaysia, and a novice in IT security.
Lately, an internal intruder who is able to sniff the packets in my network sends an email to me every day, telling me all the activities that I did. E.g. the content of email that I sent out using my Hotmail account, attachment files sent, the files that I transferred over my internal network.
I feel so insecure now. I am keen to know what tools are available that enable the internal intruder to do so, and any tools available to overcome this problem. Please help...
I am using a PIX firewall and ISS RealSecure IDS in my network, and all kinds of Cisco routers and switches.

Author

Commented:
If talking about email as an example, is there any network IDS available on the market that can sniff the packets and rearrange them back into the original content and attachment? My understanding is that an IDS is just a piece of software which provides log details?
Rich Rumble
Security Samurai
CERTIFIED EXPERT
Top Expert 2006

Commented:
IDSs detect packets that meet a certain goal or criteria. Packet-inspecting firewalls are capable of redirecting packets, overwriting them, and various other manipulations. We use our IDS to detect exploits and various other unwanted network traffic - viruses being the main target for detection. IDS stands for Intrusion Detection System - they are intended for the most part to find "hacker" activity and policy violations on your network.

I offered a way to catch, or attempt to catch, the person sniffing on your network - trywaredk is telling you how to encrypt your email. The intruder could be using any number of sniffers; the most popular are Ethereal and TcpDump.
If you put your PC on a separate VLAN and you still get an email about your activity, then you've got 1 of 2 things going on.
1) Your PC is compromised with a key logger, remote view, or some sort of activity-logging program
2) Your "hacker" has the ability to span your port on the Cisco switch... which means you need to change the passwords on the switch, with a laptop or PC NOT plugged into the network, using the Cisco console cable - there is no way to sniff the console cable - then reboot the switch, because if he still has a session to your switch, that will knock him off.

Scan your PC with McAfee or some other anti-virus to be sure you're not compromised. Ad-Aware will also detect bunches of trojan programs. The scanners I linked to can catch NICs sniffing the network; give them a try.
GL!
-rich
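
An added example, not part of the original thread or any poster's code: the second case above, a SPAN session on the Cisco switch copying your port, appears in the switch configuration as `monitor session` lines. This Python sketch audits a saved `show running-config` for local SPAN sessions whose source is a given port or VLAN; the sample configuration and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `show running-config` output (not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport access vlan 10
monitor session 1 source interface Fa0/5 both
monitor session 1 destination interface Fa0/24
monitor session 2 source vlan 20 rx
monitor session 2 destination interface Fa0/23 encapsulation replicate
"""

# Local SPAN only; RSPAN ("source remote vlan") and filter lines are skipped.
LINE = re.compile(
    r"^\s*monitor session (\d+) (source|destination) (interface|vlan) (.+)$",
    re.I | re.M)

def short(name):
    """Normalise 'FastEthernet0/5' and 'Fa0/5' to the same key, 'fa0/5'."""
    m = re.match(r"([A-Za-z]+)\s*([\d/]+)", name.strip())
    return (m.group(1)[:2] + m.group(2)).lower() if m else name.strip().lower()

def expand(item):
    """Expand an IOS range such as 'Gi0/1 - 3' or '10 - 12' into single items."""
    m = re.match(r"(.*?)(\d+)\s*-\s*(\d+)$", item)
    if not m:
        return [item]
    return [f"{m.group(1)}{i}" for i in range(int(m.group(2)), int(m.group(3)) + 1)]

def span_sessions(config):
    sessions = defaultdict(lambda: {"source": [], "destination": []})
    for num, role, kind, rest in LINE.findall(config):
        # Drop direction/encapsulation keywords, then split comma lists.
        rest = re.split(r"\s+(?:both|rx|tx|encapsulation|ingress)\b", rest, flags=re.I)[0]
        for item in rest.split(","):
            for one in expand(item.strip()):
                sessions[int(num)][role.lower()].append((kind.lower(), one))
    return dict(sessions)

def mirrors_of(config, port, vlan=None):
    """Return {session: [destination ports]} for sessions copying `port` or `vlan`."""
    hits = {}
    for num, s in span_sessions(config).items():
        for kind, item in s["source"]:
            if (kind == "interface" and short(item) == short(port)) or \
               (kind == "vlan" and vlan is not None and item == str(vlan)):
                hits[num] = [d for _, d in s["destination"]]
    return hits
```

Any session returned for your own port or VLAN that you did not configure yourself names the destination port where the copied traffic is being delivered.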