Question

We shall, for the hypothetical purposes of the workshop/tutorial, consider a number of computers of ACorp have been accessed by an external group of unknown persons, to be hazardous to the remainder of the computers on the network. Your client - ACorp - has a large network of desktop and server computers that span a reasonably complex network.

For your client, prepare a couple of paragraphs and references (urls, documents) for each of the following tasks (can be business language high level and/or technical detail at low level);

PART 1

Logging traffic Find relevant techniques or recommendations for systems that allow logging the unusual traffic. How can unusual traffic be logged? What tools or software can be deployed?

PART 2-

Analysis of traffic Find relevant techniques or recommendations or organisations that allow for analysis of the unusual traffic. It may not be possible to analyse this traffic effective internally to your organisation, who would approach for help?

Answer 1

Part - 1

The traffic on a network can be logged using various networking techniques, these techniques will be well known to network engineers and system admins of the network. In the primary stage first of all you need to create a map of all the known devices that belongs to your network.this can be done by identifying them with their IP and MAC address, you should keep these devices in the allowed list of devices that are supposed to access traffic of your network.Next step is to identify and log the unknown devices that are accessing your network.There are many network monitoring tools easily available in the market to perform such task, these devices can identify unusual traffic by any unknown device using their IP and MAC address.You should consider buying a licensed version of these tools to avoid any shortage.

Part - 2

To analyse the traffic and the type of data being sent or recieved over the network, first you need to inspect any suspecious traffic. Because if there are huge no. of devices in your n/w , you cannot monitor all of them.so use some network monitoring tools and identify any outsiders that are accessing your network.

The next step is analyzing data packets which are being sent or recieved through your network. Packets are basically a chunks of byte data which collectively creates stream of larger data set like videos and audios.To analyze the data over the network, the most common technique is Packet sniffing.packet sniffing can be done with the monitoring tools that can be installed on your network router or server. using this technique you can see through the kind of data being circulated over the network and you can figure out the suspicious traffic in your network.contact your network engineers to implement these changes in your network.If your organisation don't have such resources then you can outsource the resources from the organisations who are having expertise in providing networking services.