Introduction to Packet Capture and Intrusion Detection/Prevention Systems

Malicious Network Activity Report 
Introduction

Information technology has evolved into one of the critical aspects of the modern organizational structure. Today, enterprises use different systems and techniques to improve the effectiveness and efficiency of workers (Hassan, Ahsan, & Rahman, 2012). In addition, networks have enhanced many processes and actions that contribute to meeting the specific needs of customers. However, a wide range of risks is associated with the use of technology, including cyber attacks and misuse by employees. In some instances, workers access the internet for purposes not related to work using the organization's existing workstations.

These actions can expose the enterprise to risks and affect the security and efficiency of the entire system (Gandhi, Suri, Golyan, Saxena, & Saxena, 2014). In other cases, the networks are exposed to problems such as malware, injection of spyware, and different types of attacks (Gandhi et al., 2014). The occurrence of these events may adversely affect the operations of an enterprise. In the financial sector, for instance, it can lead to loss of funds and delay essential transactions. In the long run, the impact of these attacks and intrusions may be felt across a whole sector and even the whole country.

When network performance issues and attacks occur, it is not strange to find employees and relevant authorities pointing fingers at each other. The IT team may blame workers while the managers may direct their fingers towards those tasked with managing the systems. Therefore, the best method to deal with the challenge and avoid its adverse effects on productivity and performance is to improve network monitoring methods and processes. The process entails looking at the packets that are either sent or received in the network to guarantee its security and efficiency. The idea behind network monitoring is that most problems that affect IT systems start at the packet level (Kaur & Saluja, 2014).

Thus, packet analysis can play a crucial role in ensuring that an organization's IT system is kept safe at all times. Network analysis entails collecting raw binary data from the wire and converting it into a readable form that can be analyzed. The analysis is critical in investigating and detecting errors and bugs while also checking the efficacy of the network (Chappell, 2012). This report presents the evidence of the analysis that was done on the interfaces belonging to one of the banks in the United States that had been experiencing risks of intrusion and attacks. Besides, the report highlights the primary weaknesses in the network that may have contributed to the problem currently faced by some of the organizations in the financial sector.

Network Architecture Overview

The events that have been reported in the US over recent years show that network systems are always at risk of attack from different actors, including cybercriminals. The effects of the intrusions can be catastrophic if not properly managed (Chappell, 2012). For this reason, banks have taken it upon themselves to come up with systems and interventions that can be used to prevent and monitor potential threats (Chappell, 2012). The process of monitoring and analyzing network traffic usually allows an organization to differentiate legitimate data exchanges from those that may harm the system. It is up to the network administrators to fortify the systems so that they can prevent unwarranted access through the use of different tools and techniques (Chappell, 2012). However, for many enterprises the biggest challenge is keeping up with the technological changes that influence the ability of the system to detect and prevent malicious activity. The bank whose system forms the basis of this particular report has been facing a growing number of cyber-attacks coming in different forms, such as data exfiltration and intrusions, in the given period of time. The same may be the case with any other financial institution, because such intrusions may have far-reaching effects on the operations of the bank, its customers, and the economy of the nation. Thus, it was prudent to carefully analyze the mechanism that the organization used to monitor its systems and determine the possible reasons for the rising number of cyber-attacks.

The bank under review in this report utilizes Wireshark as its packet analyzer. This open-source tool uses a cross-platform design to help protect systems and networks from intrusions and attacks. It can run on Microsoft Windows and on other operating systems such as Mac OS, BSD, and Linux. Wireshark uses the GTK+ widget toolkit to implement a user-friendly interface that is compatible with a wide range of computer systems and networks (Tanenbaum & Wetherall, 2011). In the selected bank, Wireshark is used to capture and carefully filter live data t

