Comments
When should an organisation raise a security alarm? Internet security solutions firm McAfee says when someone is trying to login at odd hours, when a system is re-infected within minutes after being cleansed of malware, or when some id is trying to login to the network from multiple points.
McAfee, now part of Intel Security, has come out with a list of some typical signals that indicate a possible compromise, intrusion or attack on computer networks. In its latest report ‘When Minutes Count’, the firm lists out eight most common attacks that watchful organisations track and neutralise.
Indicators First, alerts that occur outside standard business operating hours signal a compromised host. Off-hour presence of malware indicates determined attacks, the report points out.
Second, if a system is re-infected with malware within five minutes of cleansing, it signals the presence of a rootkit or persistent compromise. Lastly, if a user account is trying to login to multiple resources within a few minutes from different regions, it shows that the user’s credentials have been stolen or that a user is up to some mischief.
Internal hosts communicating with known bad destinations or to a foreign country where organisations don’t conduct business is one of the most common attacks, the report said. “Multiple alarm events from a single host or duplicate events across multiple machines in the same subnet over a 24-hour period, such as repeated authentication failures, indicate a problem,” the report warns.
Comments
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.