Page 6 - Cyber Warnings
local installation, and allow the administrator to define configuration settings such as selecting
the network adaptor to monitor, and the “Red Flags”, or snippets of sensitive data that would
indicate an imminent data breach.
After downloading the ZIP file from the download link on the website, you will find a readme
file, the WinPcap driver installation executable, and the Active Intrusion Detection Monitor
installation file contained within the ZIP. The core functionality of the monitoring software is
provided by WinPcap, a network packet capture driver that is also used by software
packages such as Wireshark, a popular network packet sniffing tool. This driver should be
installed prior to the installation of the Windows service. You can install it using the bundled
WinPcap installer, or download the latest version from https://www.winpcap.org
After WinPcap is installed, the Active Intrusion Detection software can be installed
by clicking on the MSI, or setup.exe, and following the on-screen instructions. Once
this is done, a new Windows service named "Active Intrusion Detection" will be installed on
the local system, and begin running. On first run, it will await configuration via the website
https://www.activeintrusiondetection.com/. The user should visit this website from the same
PC on which the Windows service is installed, where the website should detect the local
installation and ask you to configure the service. You then press the configure button to
continue.
The user then fills out the form, entering an email address and a password, selecting the
network adaptor connected to the Internet, and adding a Red Flag (a piece of text that
represents some sensitive data that you don't want to be sent insecurely), and presses save.
Within 30 seconds the Windows service should detect the change and begin monitoring your
network, and the Windows service should transition from the “Starting” state to the “Running”
state. Active Intrusion Detection does not prevent or block a hacker or careless employee from
sharing company secrets with the outside world, but it can help notify network admins so that
they can act swiftly to reset passwords, or otherwise nullify the effect of the breach.
If the data being leaked is sent via secure means, such as over a VPN, or HTTPS, then the
network monitor will not detect the breach - however, it would be most effective against
accidental data leaks by careless employees, rather than hackers who are aware of all the
security systems employed within a network.
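The Red Flag matching and its blind spot described above, shown as an added example (this is not the product's code, which the article does not show). The class name, flow tuples, Red Flag value and payloads are all constructed for illustration; the scanner keeps a short tail of each flow so a Red Flag split across two packets is still caught, and a stand-in for encrypted bytes shows why HTTPS or VPN traffic raises no alert.

```python
import hashlib
from collections import defaultdict

RED_FLAG = "PROJECT-ORION-BUDGET"                      # constructed sample value
FLOW_HTTP = ("10.0.0.5", 49152, "203.0.113.10", 80)    # constructed flow keys
FLOW_TLS = ("10.0.0.5", 49153, "203.0.113.10", 443)


class RedFlagScanner:
    """Hypothetical matcher: searches per-flow payload bytes for red flags."""

    def __init__(self, red_flags):
        self.flags = [f.encode("utf-8") for f in red_flags]
        # Keep (longest flag - 1) bytes per flow so a flag that straddles
        # a packet boundary is still matched on the next packet.
        self.keep = max((len(f) for f in self.flags), default=1) - 1
        self.tail = defaultdict(bytes)

    def feed(self, flow, payload):
        """Return the red flags completed by this payload on this flow."""
        prev = self.tail[flow]
        window = prev + payload
        hits = []
        for flag in self.flags:
            # Skip matches lying wholly inside the carried-over tail:
            # those were already reported on the previous packet.
            start = max(0, len(prev) - len(flag) + 1)
            if window.find(flag, start) != -1:
                hits.append(flag.decode("utf-8"))
        self.tail[flow] = window[-self.keep:] if self.keep else b""
        return hits


def demo():
    scanner = RedFlagScanner([RED_FLAG])
    results = {}
    # Plaintext HTTP body, split mid-flag across two packets (constructed).
    results["http_part1"] = scanner.feed(
        FLOW_HTTP, b"POST /upload HTTP/1.1\r\n\r\nnotes=PROJECT-OR")
    results["http_part2"] = scanner.feed(FLOW_HTTP, b"ION-BUDGET&x=1")
    # Stand-in for encrypted record bytes: the same secret, but what is on
    # the wire is opaque, so a plaintext matcher has nothing to find.
    opaque = hashlib.sha256(RED_FLAG.encode("utf-8")).digest()
    results["tls"] = scanner.feed(FLOW_TLS, opaque)
    return results


if __name__ == "__main__":
    print(demo())
```
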
About The Author
Fiach Reid is the Director of Infinite Loop Development Ltd. He is also the
author of “Network Programming in .NET”, published by Elsevier Digital Press.
Fiach has 15 years of software development experience, primarily in C# / .NET.
He is based in Ireland, but regularly consults for clients in the USA, Australia,
and the UK. Fiach can be reached online at [email protected], via Twitter
at @webtropy, and at the company website http://www.infiniteloop.ie
6 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide