Intrusion Detection

Intrusion detection helps prevent hackers from accessing your network and data

No piece of software is perfect, and you can always count on hackers to attempt to exploit its vulnerabilities.

To prevent hackers from gaining access to your network and data, e-BO Enterprises uses different techniques to detect threats the moment they arise:

Activity monitoring
This is wholesale monitoring of all user access and system events. Part of this task is to track user policy violations as well as to detect abnormal activity patterns and detectable attack patterns.

Configuration check
Are your systems and networks configured correctly? Are there any detectable vulnerabilities in system configuration files? Are there any hosts listed in the network host file that shouldn't be? Each machine on a network should be checked periodically.

General machine check
Each machine on a network should be checked periodically for a variety of potential problems. If one machine on your network has been tampered with, all machines should be checked.

File authorizations check
Files should be checked to determine if user and group authorization settings have been tampered with.

Hidden files check
Are there any unexpected or hidden files anywhere? These could be viruses, keyloggers, password crackers, spyware, etc. Depending on the OS in use, files could be hidden by using a certain naming convention.

Log file examination
Server, process, router and other security logs can show intrusions through data mining of recorded events. Log files can show clustering of access from specific locations and/or frequency patterns. Keep in mind that this type of intrusion detection does not operate in real time.
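
The clustering and frequency analysis described under log file examination can be sketched as follows. This is an added example, not e-BO Enterprises' own tooling; the OpenSSH-style log lines are constructed, and the threshold, window and assumed year are illustrative values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH/syslog style (documentation-range IPs).
SAMPLE_LOG = """\
Mar 10 03:14:01 gw sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar 10 03:14:03 gw sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
Mar 10 03:14:09 gw sshd[812]: Failed password for root from 203.0.113.5 port 40120 ssh2
Mar 10 03:14:20 gw sshd[813]: Failed password for invalid user test from 203.0.113.5 port 40131 ssh2
Mar 10 03:15:02 gw sshd[820]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Mar 10 08:30:00 gw sshd[901]: Failed password for bob from 198.51.100.7 port 51200 ssh2
Mar 10 14:45:10 gw sshd[950]: Failed password for bob from 198.51.100.7 port 51344 ssh2
Mar 10 03:14:25 gw sshd[814]: Failed password for root from 203.0.113.5 port 40140 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")

def failed_logins(text, year=2024):
    """Yield (timestamp, source, user) for each failed-login line."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["user"]

def find_bursts(text, threshold=4, window=timedelta(seconds=60)):
    """Return {source: (max failures inside any window, distinct users tried)}
    for sources that reach `threshold` failures within `window`."""
    by_src = defaultdict(list)
    for ts, src, user in failed_logins(text):
        by_src[src].append((ts, user))
    flagged = {}
    for src, events in by_src.items():
        events.sort()                      # log lines may arrive out of order
        start, peak = 0, 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1                 # slide window's left edge forward
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = (peak, sorted({u for _, u in events}))
    return flagged

if __name__ == "__main__":
    for src, (peak, users) in find_bursts(SAMPLE_LOG).items():
        print(f"{src}: {peak} failures within 60s, users tried: {users}")
```

Because it works on logs already written to disk, a check like this runs after the fact, in line with the caveat above.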

Packet sniffer check
Are your systems running unauthorized network monitoring programs, aka packet sniffers? These might be recording user account data.

Scheduled processes
Check both for unauthorized processes that are running and for apparently authorized processes that are running unusual files.