Solved

Network intrusion

Posted on 2013-01-08
2
462 Views
Last Modified: 2013-01-08
Hi  - There have been rumours in our office about an employee who apparently has access to the private network from an external location.

Is there any means of discovering evidence of network intrusion from the inside. We are running Windows SBS 2011, Exchange 2010. Running Netgear FVS 124G Firewall.

Where should I start looking?
0
Comment
Question by:paulmac110
2 Comments
 
LVL 37

Accepted Solution

by:
Neil Russell earned 250 total points
ID: 38753832
The most obvious thought when somebody mentions this is the likes of LogMeIn.  If this is installed on a client PC inside your building and is allowed to get out to the internet then yes, the individual can now gain access to that computer from the outside world.

If you know who the individual is then I would start by looking at what software is installed on their work computer.

Also of course there is the posibility that your firewall and server allow RDP connections from the outside world.
0
 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 250 total points
ID: 38753842
Agree, check for software like logmein, teamviewer, etc.
The next step is to monitor the firewall to see what connections are there from the outside to machines on the inside.
If you know who the user is you can check on the server for logins from that user at the moment he/she is not in the office.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question