Computer security breaches present an important challenge to network administrators. A compromised computer is not only a threat to the whole network due compromise on confidential security, but it can easily be used to introduce to other threats such as viruses. Network Administrators and Managers use various devices and tools to monitor unusual activities on the network. One of such tool is an Intrusion Detection System. Its importance is highlighted in the following scenario.
An Intrusion Detection System can detect an attack and help in limiting the damage resulting from the attack.
You get an alert from the IDS telling you that somebody is trying to connect repeatedly to port 3389 of the computer at 192.168.2.124. While you are sitting at the computer, the mouse pointer starts moving by itself.
Describe What Your Mental Approach to These Events Should Be.
Throughout these events, I will remain calm and focused. When receiving an alert from IDS, I would take it as a suspicion due to the fact the IDS are rarely perfect and would further investigate the root cause of event. From port 3389, I would understand that somebody is trying to gain remote access through application sharing protocol to 192.168.2.124 (AuditMyPC, 2009). When on the affected computer, and the mouse starts to move, I would take it as a done computer security breach, and would move to take further step for limiting the damage from the event (Whitman & Mattord, 2007).