If you are a network administrator, the worst news you can hear when you are away from the office is that your network has been breached. It might be the worst news you can hear even when you are in the office. But when you operate a large network there are going to be bad guys from around the world trying to infiltrate it every day. Some of them have a specific goal, while others are just probing to see which networks are open. But if one of them does get into your network, what can you do?
The first thing to do is of course to kick them out, but what else can you do once your network has been violated? Right after you have evicted the intruder, try to work out how they got into the network in the first place. There is a vulnerable point somewhere on your network, and you need to find it quickly. After you have found and patched that vulnerable point, what’s next? Now it is time to go after the person who infiltrated your network. While you might leave that to the legal process, in the back of your mind I am sure that you are thinking about revenge.
The first steps in finding the bad guy
Trying to find someone who has hacked into your network is not easy work. A number of different factors decide whether you are going to catch the person or not. One factor is how good the person was. If the hacker is good, he is not going to leave many footprints behind. If the person who got into your machine was an amateur, there are probably a dozen ways you can find him.
You must remember that even though you may have a professional security system set up, the bad guys share secrets. An amateur may get a trick from someone better than him and use it to get past your setup. The difference between an amateur and a pro is that the pro knows how the entire system works. He knows which parts of an operating system are going to leave logs of his visit, so he knows enough to go and erase them. Any part of the machine that could lead to his identification, he already knows about.
So, knowing this, the first thing you want to do is check your own system for leads. Check the usual places and see whether he left any trace at all: an IP address, evidence in the network log file, anything that proves he was there. If you find something, that means this is probably someone you can catch. If not, this person is probably good.
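As an added example (not code from the original post), here is a small Python script that does this kind of check on constructed sshd log lines: it summarises which source IPs and usernames appear in the log and flags any address whose repeated failed logins were followed by a successful one, which is exactly the sort of trace worth chasing. The log lines and the threshold of three failures are assumptions for the demonstration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample sshd auth log lines (not taken from the original post)
SAMPLE_LOG = """\
Mar  3 02:14:01 gw sshd[4011]: Failed password for root from 203.0.113.45 port 51422 ssh2
Mar  3 02:14:03 gw sshd[4011]: Failed password for root from 203.0.113.45 port 51423 ssh2
Mar  3 02:14:05 gw sshd[4011]: Failed password for invalid user admin from 203.0.113.45 port 51424 ssh2
Mar  3 02:14:09 gw sshd[4011]: Accepted password for admin from 203.0.113.45 port 51425 ssh2
Mar  3 08:30:12 gw sshd[4210]: Accepted publickey for alice from 192.0.2.10 port 40010 ssh2
Mar  3 09:02:55 gw sshd[4399]: Failed password for bob from 192.0.2.11 port 40111 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip> port" lines
LINE_RE = re.compile(
    r"(Failed|Accepted) (?:password|publickey) for (?:invalid user )?(\S+) from (\S+) port"
)


def summarize(log_text):
    """Per source IP: how many logins failed, how many succeeded, which usernames were tried."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a login event, skip it
        outcome, user, ip = m.groups()
        stats[ip]["failed" if outcome == "Failed" else "accepted"] += 1
        stats[ip]["users"].add(user)
    return dict(stats)


def suspicious_sources(log_text, min_failures=3):
    """IPs that failed at least min_failures times and then logged in successfully, in log order."""
    failures = Counter()
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        outcome, _user, ip = m.groups()
        if outcome == "Failed":
            failures[ip] += 1
        elif failures[ip] >= min_failures and ip not in flagged:
            flagged.append(ip)  # success after a burst of failures: a lead worth following
    return flagged


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(f"{ip}: {s['failed']} failed, {s['accepted']} accepted, users={sorted(s['users'])}")
    print("suspicious:", suspicious_sources(SAMPLE_LOG))
```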
The next step
After you have checked your system and found nothing, the next step is to go online and see whether you can pick up any chatter. Even black hat hackers who are good love to talk about their exploits. Not all of them, but enough of them that you might get lucky and find the information you need. Go to some of the more popular hacker boards on the internet. While it may not seem like it, the intelligent bad guys talk on them as well. If you cannot find anything there, go to some of the IRC hacker rooms. There is a good chance you will have to work hard for an invite to some of these rooms. Some are very selective about who they let in, and for very good reason – to try and stop people like you! So all you can do is try your best and monitor the traffic that goes through. If someone has been bragging about a big attack on a network, it is in places like these that you will hear it first.
If you can, check with your internet service provider as well. See whether they have the IP address of the person who accessed your network at that time, and try to follow the trail from there. This will be very hard, because if you have a large network you might have up to a thousand people accessing it per second. But it is one way you can try to find the bad guys, albeit a hard one.
There are several ways you can go about trying to find the people who hacked into your network. But whichever way you try, you should know that it is going to take a lot of due diligence to find them.