Network Security Defense
Organizations should account for the ever-growing sophistication of attacks to avoid falling victim to intrusions that disrupt day-to-day business activities. Network administrators are expected to protect the network by educating employees on social engineering attacks and creating an incident response team. Besides that, additional measures that focus on the logical aspect of the network should be implemented. Such measures involve integrating network protection techniques such as firewalls, enforcing segmentation, collecting and analyzing logs, ensuring proper access controls, and using IDS/IPS systems. System logging can be a reliable way to fortify businesses against cyber-attacks such as worms, viruses, DoS attacks, spyware, and other system intrusions, because it helps monitor human behavior on the network.
System logging is the recording and monitoring of all the events that occur while a computer is turned on. These events range from firewall updates to logins to emails. An electronic audit log file is usually examined during monitoring to determine whether any unauthorized activities took place (Miller, 2019). If unauthorized activities are detected, the file is transferred to a central database for further investigation. Logging processes are important because they keep the system responsive and agile to events such as weaponization, reconnaissance on the network environment, command and control, installation of malware, and identifying the adversary (Miller, 2019). An organization benefits from system logging because it helps the IT security team to detect breaches, reconstruct events, and create speedy recovery processes.
Upon detecting an incident, there is a need to evaluate certain logs that may lead to the source of the problem (Glover, n.d.). Password changes are among the log events to analyze, as they may narrow the search down to the activities performed by those accounts. Unauthorized logins are another area to consider, as they point to malicious access to the network. Login failures and new login events are also indicators of suspicious activity. Besides those, file name changes, file integrity changes, and file auditing are crucial logs to consider during an incident investigation. New user accounts and disconnect events can also be evaluated when all else fails to yield results.
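As an added illustration (not part of the original essay or its sources), the triage described above can be sketched in Python: each log line is sorted into one of the event categories named in the paragraph, and accounts showing repeated login failures followed by a successful login are flagged for review. The log lines are constructed samples in common Linux auth.log style, and the names `classify`, `accounts_to_review`, and the threshold of three failures are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in common Linux auth.log style (not from the essay).
SAMPLE_LOG = """\
Mar  3 09:14:01 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 51514 ssh2
Mar  3 09:14:05 web01 sshd[2201]: Failed password for alice from 203.0.113.7 port 51514 ssh2
Mar  3 09:14:09 web01 sshd[2203]: Failed password for alice from 203.0.113.7 port 51516 ssh2
Mar  3 09:14:20 web01 sshd[2207]: Accepted password for alice from 203.0.113.7 port 51520 ssh2
Mar  3 09:15:02 web01 passwd[2250]: pam_unix(passwd:chauthtok): password changed for alice
Mar  3 09:16:40 web01 useradd[2290]: new user: name=svc_backup, UID=1002, GID=1002, home=/home/svc_backup, shell=/bin/bash
Mar  3 09:20:11 web01 sshd[2207]: Disconnected from user alice 203.0.113.7 port 51520
Mar  3 10:02:33 web01 sshd[2410]: Accepted publickey for bob from 198.51.100.4 port 40022 ssh2
"""

# Event category -> pattern capturing the account name involved.
PATTERNS = {
    "login_failure": re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from"),
    "new_login": re.compile(r"Accepted \S+ for (?P<user>\S+) from"),
    "password_change": re.compile(r"password changed for (?P<user>\S+)"),
    "new_account": re.compile(r"new user: name=(?P<user>[^,\s]+)"),
    "disconnect": re.compile(r"Disconnected from user (?P<user>\S+)"),
}

def classify(log_text):
    """Return {account: [event categories in log order]}."""
    timeline = defaultdict(list)
    for line in log_text.splitlines():
        for category, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                timeline[match.group("user")].append(category)
                break
    return dict(timeline)

def accounts_to_review(timeline, min_failures=3):
    """Map flagged account -> True if a password change followed the login."""
    flagged = {}
    for user, events in timeline.items():
        if "new_login" not in events:
            continue
        first_ok = events.index("new_login")
        # Repeated failures before the first success suggest a guessed password.
        if events[:first_ok].count("login_failure") >= min_failures:
            flagged[user] = "password_change" in events[first_ok:]
    return flagged

if __name__ == "__main__":
    timeline = classify(SAMPLE_LOG)
    for user, events in timeline.items():
        print(user, events)
    print("review:", accounts_to_review(timeline))
```

The new account created shortly after the flagged session appears in the per-account timeline as its own entry, so it can be correlated by timestamp during the investigation.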
Overall, the issue of socially engineered attacks can be mitigated by system logging. Since logging gives a record of all events within a network, it becomes easy to identify the most recent logins and failed or unauthorized activities. However, educating employees should not be neglected, since they are the central point of interaction on the network. Both logical and personnel approaches should be considered to achieve holistic security measures.
Bisson, D. (2019). 5 Social Engineering Attacks to Watch out For. Retrieved from https://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/
Glover, G. (n.d.). The Importance of Log Management. Retrieved from https://www.securitymetrics.com/blog/importance-log-management
Miller, J. (2019). What is Security Logging and Monitoring? Retrieved from https://www.bitlyft.com/what-is-security-logging-and-monitoring/