
Control 1: Use of Snort to Detect Exfiltration of Credentials Using IRC

Our first control was modeled after an insider IT sabotage case that occurred at an Internet Service Provider (ISP). We chose this case because it enabled us to illustrate a fundamental concept in insider threat mitigation: You should consider using your intrusion detection system (IDS) to detect not only intrusions, as the name suggests, but also exfiltration of sensitive information. Snort is a popular open source IDS tool that could easily be tuned to examine inbound as well as outbound traffic.
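A minimal sketch of what examining outbound traffic looks like in Snort 2.x rule syntax, added here as an illustration and not taken from the book. It assumes `$HOME_NET` and `$EXTERNAL_NET` are defined in `snort.conf`; the port list, keyword list, messages and SIDs are placeholder choices to adapt locally.

```snort
# Added example (not from the book). Local rules use SIDs >= 1000000;
# the values below are placeholders.

# Rule 1: an internal host registers with an external IRC server.
# The direction ($HOME_NET -> $EXTERNAL_NET) is what makes this an
# outbound check rather than a classic inbound intrusion signature.
alert tcp $HOME_NET any -> $EXTERNAL_NET [6660:6669,7000] \
    (msg:"LOCAL outbound IRC session from internal host"; \
    flow:to_server,established; \
    content:"NICK "; depth:5; \
    classtype:policy-violation; \
    sid:1000001; rev:1;)

# Rule 2: an outbound IRC message that mentions credential-like terms.
# The keyword list is an assumption; tune it to the data you need to
# protect, and expect false positives from ordinary conversation.
alert tcp $HOME_NET any -> $EXTERNAL_NET [6660:6669,7000] \
    (msg:"LOCAL possible credential disclosure over IRC"; \
    flow:to_server,established; \
    content:"PRIVMSG "; nocase; \
    pcre:"/PRIVMSG [^\r\n]*(password|passwd|login)/i"; \
    classtype:policy-violation; \
    sid:1000002; rev:1;)
```

Both rules match only cleartext IRC on the listed ports; IRC over TLS or on other ports will not trigger them.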

A technical support employee at an Internet service provider (ISP) had extensive ties to hacker groups, used several online aliases, attended organized hacker meetings, and communicated with hackers from work in online IRC chat sessions. A coworker of the insider discovered that the insider was attending organized hacker meetings.


  
