• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

securitywing

Menu
  • About
  • Must Read
      • IIS Performance Boost
      • RFID Security
      • Web App Security Testing
      • How to Secure Home Network
      • Prevent Cross-Site Scripting Attacks
      • Renew Self-Signed Certificates
      • Penetration Testing Tools
      • VPN Concentrator
      • Forensic Investigation Tools
      • Digital Certificates
      • Cloud Security Issues
      • Advanced Evasion Prevention
      • Firewall Types
      • Tips to Prevent Data Exfiltration
      • Classified Info Handling
      • MySQL Security
      • Definition of 7 Types of Malware
      • VOIP Security
      • Why Antivirus Software Fails
      • 15 Network Security Vulnerabilities
      • Web App Security
      • IT Security Standards
      • Types of Virtualization
      • Android Security
      • Digital Signature
      • Advanced Malware Protection
    • Close
  • Consultancy
  • Contact

Tips for Network Security Breach Investigation

by wing

Investigating  network security breach may seem to be a daunting task to someone who has no prior experience of security breach investigation. Like any other IT disciplines, you can handle and investigate network security breach better if you have are well-equipped with the necessary tools and techniques used by the professionals. No matter if you are a network engineer or a system administrator or even an auditor, you may confront situation in the future when you may have to investigate security related breaches in your organization.

What you need to do when you learn about your network breach?

At first, do not panic. Almost all of mid-size to large businesses are being breached. So, you need to accept the fact that even if you have implemented the best cyber breach detection system in the world, you are still vulnerable to the cyber criminals.  Store the network packets to safe location and investigation. You need to have proper strategies for storing network packets. Finally, you need to analyzed and look for breach signatures in the network packets.

What do we mean by effective breach investigation?

This means your investigation   lead to the evidence that is necessary to establish reliable evidence to the source of the breaches.

How easily can you find a needle in haystacks?

It depends on how big the piles of haystacks are. But if you know or can identify a particular location where the possibility of finding the needle is highest, you may be able to find out without putting much effort.

According to the breach investigators, almost, no investigation runs perfectly. The following are reasons for this:

  • Security staffs are not trained to handle breaches. Although the majority of the security staff recruited have recognized security certification such as CISSP, but only a handful of them have real life experience of handling security breaches.
  • Security team does not have enough staff who have proper knowledge of all types of technologies used in the organization’s IT infrastructure and services.
  • Fail to perform data packet analysis in the network.
  • Not looking at the right packet for forensic evidence.

What can be done?

  1. Train your security staff for breach handling.
  2. Do incident or breach response rehearsal based on different scenarios on regularly, at least twice in a year.
  3. Allocate more budgets for incident response and breach detection system.
  4. Regularly communicate with your staff letting them know that breach happens and it is better to stay prepare rather than panicking when the actually the breach happens.
  5. Prepare your every employee, not only the IT or security staff, to focus on the right response and their responsibilities when breach happens.
  6. Have representations from all departments in your IR team.
  7. Make sure you have someone in the team to perform network forensic analysis and the ability to store the packets containing evidence of breach.
  8. Though we humans are good at correlating events over short period of time, our ability to correlate the events over long period of time is poor. Therefore, store some useful packets every week or month so that you can correlate it with the data captured when breach occurs.
  9. Have a clear concept of which packets to store from where. Develop a packet storage strategy, which may include packets from which IP to store and which types of packet to be stored (email, ICMP, messaging, FTP etc.)

Related Posts:

  • 20 Ways to Secure Home Network
  • How to Protect Networks against Advanced Evasion Techniques(AET)
  • Top 20 Windows Server Security Hardening Best Practices
  • 3 Simple Steps to Secure Gmail Account from Hackers
  • 20 Types of Database Security to Defend Against Data Breach

Filed Under: Network Security Tips Tagged With: breach, cyber, network, security

Primary Sidebar

CISSP Sample Test

Take a CISSP Sample Test

CISA IT governance Sample test



Twitter Follow @securitywing

Categories

  • AWS
  • containers
  • Internet Security and Safety
  • IS Audit
  • IT Security Exams
  • Network Security Tips
  • Off Track
  • Telecom
  • Tutorial

Pages

  • About
  • Best IT Security Certification Exam
  • CISA IT governance Sample test
  • CISA Sample Test
  • CISSP Sample Test Online
  • Consultancy
  • Contact

Popular Posts

  • 8 Effective Ways to Impro...
  • 3 Steps to Install Miniku...
  • Yahoo Mail Security Setti...
  • How to Setup AWS CloudFro...
  • 3 Simple Steps to Capture...
  • How to Configure AAA (TAC...
  • 5 Steps to Setup a Nexus3...
  • How to Configure SNMP in...
  • How to Install AWS CLI an...
  • How to Renew Self-Signed...

Footer

Copyrights

Protected by Copyscape Duplicate Content Detection Software

Securitywing.com reserves the copyrights of all of its published articles.No contents of this site is permitted to be published to anywhere else in the Internet.If any contents are found in any other websites, securitywing reserves the rights to file a DMCA complaint. But you have the right to use the link of any relevant article of this site to point from your website if you consider that it might improve the quality of your article.

Tags

antivirus audit AWS backup browser check cisco cloud computer cyber data database encryption firewall home hsrp ids informaiton internet intrusion it kubernetes linux load balancing malware network protection putty risk router security security tips server ssh SSL switch tools virus vpn vulnerability web webserver website windows wordpress

Copyright © 2010-2023 ·All Rights Reserved · SecurityWing.com