Any network can be subjected to security compromise. There is no amount of coding or access control that can ultimately prevent an attack to a network. However, there is a need for any organization to ensure that their networks are safe and their incidence responses are effective. There are many tactics and tools that are employed by attackers to evade any detection by the investigation or incidence response teams, remain anonymous and to avoid attracting any attention by looking like normal users.
If this fails, the attacker has the ability to degrade the system to make investigations more complicated. It is also important to note that the attackers are always technically more advanced than the security staff managing the network security monitoring systems and in some cases may be more sophisticated than the investigators (Mobrien, 2003). There are a many tools that are available to intruders that can be used to penetrate the network security monitoring systems.
These tools are available in the internet including vulnerability of different software and how to develop programs that can penetrate networks. Other than being readily available, these tools are becoming increasingly easy to use making it possible for anybody with basic knowledge to be able to attack a computer network. Some of these tools include programs such as remote penetration and local penetration that can control a computer in the network without any authorization, network and vulnerability scanners, password crackers and sniffers (Mobrien, 2003).
The attacker employs different tactics to promote anonymity. This is by using all means to separate all possible ties between the computer to which the attack is directed and the computer in which the attack is launched. This can be done by first compromising a system that is then used as a stepping stone, forging the IP address (spoofing) or using a service provider’s netblock. He can also remain anonymous by launching the attack from a trusted host who may be a close business associate or exploiting the vulnerability of the client rather than the server.
To frustrate any investigation or incidence response to the attack, the attack may prefer to use public intermediaries such as an IRC channels. Rather than trying to remain anonymous, the attacker may evade detection by providing false leads to the incidence response or investigation team. This can be done by properly timing the attack to ensure that the duration between probes is sufficient to confuse the investigators. Other methods of evading detection include distributing the attack or blocking the web defacer.
Moreover, it is important to note that by the attacker appearing normal or a legitimate user of the system is an effective way of frustrating incidence response (Bejtlich, 2004). Although protecting the network from such sophisticated malicious attack is in many instances considered a trivial task, there are some incidence responses considerations that need to be incorporated in the network security monitoring systems. Some of these security measures include an intrusion detection system that detects an intruder in the network and strict security policies in the organization.
The staff dealing with the systems must also be well equipped with incident response handling abilities. The staff should be aware of when to inform the police or called emergency incidence response. The staff should also be able know when the network has been broken and the most appropriate measure to take. It is also suggested that administrators or consultants with high level of knowledge and experience in systems vulnerability and management should handle incident responses (Mobrien, 2003).