0

Hello all,
I 'm new to network security and have few question to be clarified.
I will appreciate if experts give me a proper defination.

1)Security incident has happened , a hacker 's hacked into a monitored network what should be done?
2)Definition of port scanning
3)Who's responsible for overall security of a company/organization?
Thanks,
Kev

2
Contributors
1
Reply
2
Views
7 Years
Discussion Span
Last Post by Acrimonus
0

Hello all,
I 'm new to network security and have few question to be clarified.
I will appreciate if experts give me a proper defination.

1)Security incident has happened , a hacker 's hacked into a monitored network what should be done?
2)Definition of port scanning
3)Who's responsible for overall security of a company/organization?
Thanks,
Kev

1) "Hacking" into a network is a pretty broad term. The biggest threats to network security by far are the users downloading malware which opens up routes of attack from automated methods. Botnets, particularly for fueling email spam, are the most common use of this. Port scanning isn't typically effective on the outside since any organization that gives a hoot about security will be monitoring for port scanning, that and you also require an open port with an insecure program listening on that port. If you have no program listening on that port the packets just fall to the floor.

Typically what is done for external port scans is a program is used to either block that IP or, sometimes more effectively, using a third system to set TCP reset packets to the two talking computers causing them to drop connection every time there is an attempt to establish one (in theory anyway).

In the case of malware it is simply disconnected in infected machine(s) and scanning them with anti-malware programs and/or re-imaging them.

If for some crazy reason a "hacker" is able to do some sort of command and conquer attack and gain root access to one or more systems you could just disconnect the affected system. The person with access to the hardware wins, always.

2) Port scanning uses a program to send packets to an array of ports to analyze their response to see if they are open, closed, filtered, etc. There are a wide variety of types of port scanning, google port scanning for a more in depth explanation about the many types. One such type of port scanning sends a request packet to a port and looks to see if it sends an ack (acknowledge) packet back.

3) Depends from company to company. Sometimes in very small companies they rely solely on the users for security, but for big companies they sometimes with either have dedicated in house security professionals or they will hire out an outside consulting company to do it for them (like me!).

Edited by Acrimonus: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.