Small Business Defense – Network Exploration
Realistically, once an attacker has a foothold inside the network there is only so much you can do after the fact. If they have dug in far enough, you may never be able to tell where the attacks are originating, so unless you are willing to build a completely new network with all new systems and applications, assume they are there to stay.
One thing you can do is to segment your network ruthlessly. If sensitive traffic never traverses the weaker zones, an attacker sitting in one of them has a much harder time reaching the parts that matter. Another is to eliminate every system you can. A simpler network is easier both to maintain and to defend: if you know each and every system on the network and what it should be doing, odd behaviour stands out. You should also encrypt everything you can. This is not a complete answer, since the traffic still has to be decrypted at the endpoints to be useful, and an attacker who owns an endpoint reads it there regardless, but it does cut down the number of places where a sniffer on the wire finds anything worth taking.
Lastly, familiarize yourself with the tools mentioned yesterday: Ettercap, DSniff and p0f. Defense is not about the tools themselves, but it is useful to see first-hand what an attacker on your wire can do. All three ship on the BackTrack live CD, so you do not even have to install them yourself (which can be tricky, depending on your OS).