How to Monitor an Attack on Your Network?

Edificer Member Posts: 185
Are there any tools for that? Does it have to be from the ASAs? Are there any commands you can use on there? We have an authorized penetration attack tomorrow on our network. I want to know how I can monitor it from my side. Please let me know if you've been through such an experience, or have any ideas. Thanks!

We have a closed network, so no open ports and such. No internet browsing either.
“Our greatest glory is not in never falling, but in rising every time we fall.” ― Confucius

Comments

  • docrice Member Posts: 1,706
    Network device logs, IDS alerts, host-based detection systems, flow-based abnormalities, irregular application detection patterns, server app logs, other triggers that may exist in your network.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • Edificer Member Posts: 185
    Thanks! That puts me on track! I have another question for you, do you think a remote attack on a closed network is possible/successful? Provided they know the IP address of our ASA outside interface. Although that is all. Again, our network is just for internal sharing, no internet access/browsing.
    “Our greatest glory is not in never falling, but in rising every time we fall.” ― Confucius
  • docrice Member Posts: 1,706
    It'll be harder, but never impossible. All hardware and software is made by human beings, which means there's always an undiscovered bug somewhere. Could there be a way to cause the firewall to fail open somehow? Likely not, but you should never assume appliances are perfect (especially with a vendor like Cisco who traditionally has not had a lot of security credibility). More likely, however, is potential misconfiguration or lax configuration standards. You also must consider additional bypass potentials on a supposedly air-gapped network - social engineering, USB connections, wireless, and so on.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • ramrunner800 Member Posts: 238
    Security Onion is a Linux distribution that provides a pretty good all in one package for lots of the things docrice mentioned. It's like the Kali of network security monitoring.
    Currently Studying For: GXPN
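As an added illustration of the first item in docrice's list (network device logs) and of the ASA angle in the original question, here is a small defensive detector, not code from this thread or from any of the posters, that reads Cisco ASA syslog 106023 (ACL deny) lines and flags any source that was denied to many distinct destination/port pairs inside a short window. The log lines, hostname, ACL name and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches Cisco ASA message 106023 (packet denied by an ACL). Other messages are ignored.
DENY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ %ASA-4-106023: Deny \w+ "
    r"src \w+:(?P<src>[\d.]+)/\d+ dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Mar 10 09:00:01 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40001 dst inside:10.0.0.5/21 by access-group "outside_in" [0x0, 0x0]
Mar 10 09:00:01 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40002 dst inside:10.0.0.5/22 by access-group "outside_in" [0x0, 0x0]
Mar 10 09:00:02 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40003 dst inside:10.0.0.5/23 by access-group "outside_in" [0x0, 0x0]
Mar 10 09:00:02 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40004 dst inside:10.0.0.5/25 by access-group "outside_in" [0x0, 0x0]
Mar 10 09:00:03 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40005 dst inside:10.0.0.5/443 by access-group "outside_in" [0x0, 0x0]
Mar 10 09:00:05 fw01 %ASA-6-302013: Built inbound TCP connection 1234 for inside:10.0.0.7/51000 (10.0.0.7/51000) to inside:10.0.0.5/445 (10.0.0.5/445)
Mar 10 09:03:30 fw01 %ASA-4-106023: Deny udp src outside:198.51.100.7/5000 dst inside:10.0.0.9/161 by access-group "outside_in" [0x0, 0x0]
"""

def parse_denies(text):
    """Return (timestamp, src_ip, dst_ip, dst_port) for every 106023 line in text."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # year unused; only deltas matter
            events.append((ts, m["src"], m["dst"], int(m["dport"])))
    return events

def find_scanners(events, window=timedelta(seconds=60), min_targets=5):
    """Map each source IP to the largest number of distinct (dst, port) pairs it was
    denied to inside any `window`; only sources reaching `min_targets` are returned."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in events:
        by_src[src].append((ts, dst, dport))
    alerts = {}
    for src, hits in by_src.items():
        hits.sort()
        for i, (t0, _, _) in enumerate(hits):
            targets = {(d, p) for t, d, p in hits[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                alerts[src] = max(alerts.get(src, 0), len(targets))
    return alerts

if __name__ == "__main__":
    for src, n in find_scanners(parse_denies(SAMPLE_LOG)).items():
        print(f"ALERT {src}: denied to {n} distinct targets within 60s")
```

Pointing the ASA's `logging` at a syslog collector and feeding that file in is the realistic use; tune `window` and `min_targets` to the noise level of your own deny logs.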