I am a newly appointed administrator for a large company. I have been tasked to check if our network has any weak links internally for attacks. I have witnessed a colleague try and intercept data from workstations to the server and try to hack our network routers and switches.
Would you be able to point me in a direction where I can monitor activity like this? What's more, some of the tools used by this colleague are freely available off of the Internet. Would you know of any sites that I can investigate to put a secure network in place?
Run a tool such as LanGuard to do what is called a vulnerability assessment. LanGuard will provide a free 30-day license, which will allow you to scan your network for weaknesses. In the past it was okay to have security threats inside the network, but not anymore. Your internal systems should be as secure as any Internet device. The LanGuard tool will provide easy-to-read reports, plus do a whole bunch of things that you are usually charged $10,000 plus for by security consultants.
Also, your colleague is playing with fire and can be terminated if caught.
As for monitoring, you can install a simple IDS system such as SNORT (which is free, but sometimes cumbersome to set up) or invest in any of the IDS technologies. (Here are some IDS vendors: Symantec, Enterasys, Tenable and NFR Security.)
This was first published in January 2004