Design And Implementation Of Network Activity Monitoring System

(A Case Study Of Anambra State Federal Inland Revenue Services, F.I.R.S)

5 Chapters | 54 Pages | 1,549 Words

A Network Activity Monitoring System (NAMS) is a sophisticated cybersecurity tool designed to surveil, scrutinize, and oversee the intricate web of interactions within a digital infrastructure. Operating at the intersection of cybersecurity and network management, this system serves as a vigilant guardian, continuously analyzing data packets and network traffic to detect and thwart potential security threats. By leveraging advanced algorithms and real-time monitoring, Network Activity Monitoring System plays a crucial role in fortifying an organization’s digital defenses, identifying anomalous patterns, and providing insights into potential vulnerabilities. Through its intricate analysis of data streams, Network Activity Monitoring System not only enhances the proactive identification of security breaches but also facilitates the swift response to mitigate risks. This dynamic solution is essential for maintaining the integrity and security of a networked environment, ensuring the robust protection of sensitive information against evolving cyber threats.

CHAPTER ONE

INTRODUCTION
Attacks on computers by outside intruders are more publicized, but the ones
perpetrated by insiders are very common and often more damaging. Insiders
represent the greatest threat to computer security because they understand their
organization’s business and how their computer systems work. They have both
the confidentiality and access to perform these attacks. An inside attack will
have a higher probability of successfully breaking into the system and
extracting critical information. The insiders also represent the greatest challenge
to securing the company network because they have an authorized level of access
to the file system.

In a quest for maximum profitability in a network, there is a need to monitor the
activities performed so that network activity is tracked in real time,
confidential information is safeguarded and control over the daily
activities of every staff member is established. The question is: how would one
develop the much-needed system that would exhibit all these capabilities?

A network activity monitoring system is used to detect inside threats by
monitoring file access and process activity (Behr et al, 2009). It is a powerful
tool that allows one to track any local area network, giving the most
detailed information on when, how and what network users do on a daily
basis. Whether it is a public library network, a university network or a
commercial organization network, Activity Monitor offers efficient control.
This work targets the monitoring of every activity of a user in a computer
network and maximizes the security for the organization or corporate body.

1.1 BACKGROUND OF STUDY
The Federal Inland Revenue Service (FIRS) is one of the federal ministries
charged with the responsibility of assessing, collecting, and accounting for the
various taxes to the federal government since 1943.

Tax revenue has long been reliable; the government relies on it for
decision making, and it aids development and administrative planning. Hence
the need for optimum human resources in the organisation or ministry, for they are
considered to be its most valuable asset if properly harnessed and well
motivated to perform their assigned tasks so as to enhance the organisation’s
goals and objectives.

Computer network activity monitoring systems have become one of the vital tools
in providing evidence in cases such as computer misuse and fraud. Computers
and other devices are being used increasingly to commit, enable or support
unwanted activity perpetrated against individuals, organizations or assets.
Although it is most often associated with the investigation of a wide variety
of computer crime, a network activity monitoring system may also be used in
civil proceedings. The discipline involves similar techniques and principles
to data recovery, and a lot more information is retained on the computer than most
people realize. It’s also more difficult to completely remove information than it
is generally thought. For these reasons (and many more), a network activity
monitoring system can often find evidence or even completely recover lost or
deleted information, even if the information was intentionally deleted.

This system consists of a two-tier application, server and client, whereby the
activity monitoring server can be installed on any computer in the entire local
area network and the client, which is the remote spy software, is installed on all
the computers on the network to be monitored.

1.2 STATEMENT OF PROBLEM
The existing system used by FIRS has been a challenge to them. Amongst the
problems preventing the FIRS from maintaining steady, reliable accounting
figures and estimates are:

With the current system, staff easily erase or add data in order to cover
up their fraud since there is no backup of the activity log. Frauds include
computer fraud: loss of or damage to money or securities resulting directly
from the use of any computer to fraudulently cause a transfer of money or
other property from inside the premises to a person at a place outside the
premises.

Their method of operation is not so efficient for both units in the
department (Operations and Reconciliation units). Both units cannot work
at the same time, because the staff in one of the units
(reconciliation unit) have to wait for the staff in the other unit (operation
unit) to get their work to some extent before they can process their own
work, and while they are processing their own work, the staff in the
operation unit have to pause their work a little. With this manual mode of
operation in the department, room for corporate fraud is being created.

These are the reasons why the researcher embarked on this research.
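The first problem above (staff erasing or adding data because the activity log has no backup) is the case a tamper-evident log addresses. The following is an added example, not code from the project: it assumes the monitoring server holds a secret key and keeps a checkpoint (record count and last MAC) in its backup copy; the users, files and function names are hypothetical.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used before the first record


def _mac(key: bytes, prev: str, seq: int, event: dict) -> str:
    """HMAC-SHA256 over the previous MAC, the sequence number and the event."""
    body = json.dumps({"seq": seq, "event": event}, sort_keys=True)
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()


def append(log: list, key: bytes, event: dict) -> None:
    """Server side: chain a client-reported event to the record before it."""
    prev = log[-1]["mac"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "event": event, "mac": _mac(key, prev, seq, event)})


def verify(log: list, key: bytes, expected_len: int, expected_head: str):
    """Return (ok, reason). expected_len and expected_head are the checkpoint
    kept in the backup copy, outside the reach of monitored staff."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i:
            return False, f"record {i}: sequence gap"
        good = _mac(key, prev, rec["seq"], rec["event"])
        if not hmac.compare_digest(rec["mac"], good):
            return False, f"record {i}: altered"
        prev = rec["mac"]
    if len(log) != expected_len or prev != expected_head:
        return False, "truncated or extended"
    return True, "ok"


def sample_log(key: bytes) -> list:
    """Constructed sample events (hypothetical users and files)."""
    log = []
    for user, action, target in [
        ("ops01", "open", "ledger_q1.xls"),
        ("ops01", "modify", "ledger_q1.xls"),
        ("rec02", "open", "ledger_q1.xls"),
        ("rec02", "delete", "receipts_march.doc"),
    ]:
        append(log, key, {"user": user, "action": action, "file": target})
    return log
```

Editing a record, deleting one from the middle, or cutting records off the end each make `verify` fail, and the reason string gives the first record at which the chain no longer checks out.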

1.3 OBJECTIVES OF STUDY
This project aims at discovering what should be done to improve the
existing system, monitoring the daily activities of every user in a network and
using it to provide evidence of frauds or crimes committed using computer
technology, which some people refer to as digital crime; that is, crime
committed using a computer system.

The objective of this work is to develop a system that should be able to:
1. Monitor the daily activities of every user in a network in real time.
2. Detect active users.
3. Provide accurate evidence on corporate fraud when investigation is being
carried out in an organization.
4. Have good memory management for efficient carrying out of activities.

1.4 SIGNIFICANCE OF STUDY
This work was embarked upon for several reasons discussed below and again
provides answers to some questions like:

What is the value in adopting an investigation system?

Why should you invest time and money on this?

What are the benefits to organisations?

Therefore some of the significance and benefits of this work include:

Increased employers’ loyalty: What ultimately creates the employers’
loyalty is meeting and exceeding their expectations.

Maintaining system integrity.

Staying current on work status so as to know how well the organisation is
going.

Ensure proper handling of investigation in computing: This is the reason
why we need a careful, methodical process for gathering digital data in
the first place; and this is why we need a network activity monitoring
system.

Increased employer’s retention: The employees are an investment.
Generally, it takes nine to twelve months or longer before an employee is
a productive asset to a company. If an employee leaves after a year or
two, the company has lost most of its investment.

Information empowered decision making: Most managers, executives
and employers make decisions based upon all relevant information. There
are some actions that can have a profound effect on corporate decision
making; those actions are more easily justifiable when you have easily
accessed the user’s system.

1.5 SCOPES OF THE STUDY
Although a network activity monitoring system involves many things and
activities that can be run within it, due to lack of time and space we were
not able to use this software on operating systems other than the Windows
operating system (that is, from Windows XP to later versions of
Windows). Furthermore, this work also did not involve internet
connectivity or the detection of viruses in a network.

1.6 LIMITATIONS OF THE STUDY
During the course of this study, many things militated against its completion,
some of which are:

Lack of finance

Refusal of the Federal Inland Revenue Services Awka, to give detailed
answers and in some cases no answer at all to some questions.

This project is limited to all the data associated with the information
gotten from the Federal Inland Revenue Service commission, and due to
time factor, not all the commissions were reached for sources of data and
information.

1.7 DEFINITION OF TERMS
NAMS (Network activity monitoring system): This is the system that is
used to monitor the daily activity of every user on a network.

Corporate fraud: This is the fraud committed by insiders in a large,
publicly traded (or private) corporation, and/or by senior executives.

Real time: Occurring immediately. This is used for such tasks as
navigation, in which the computer must react to a steady flow of new
information without interruption.

LAN (local area network): This is a computer network that spans a
relatively small area. Most LANs are confined to a single building or
group of buildings.

SUID: A file attribute which allows a program to run as a specific user no
matter who executes it.

Corporate decision making: This is connected with a corporation; it
involves the image of a company or organization where all its members
are involved in taking critical decisions (finance/planning/strategy).

Internal Auditor: An employee of a company charged with providing
independent and objective evaluations of the company’s financial and
operational business activities, including its corporate governance.
Internal auditors also provide evaluations of operational efficiencies and
will usually report to the highest level of management on how to improve
the overall structure and practices of the company.

External Auditor: An external auditor is an audit professional who
performs an audit in accordance with specific laws or rules on financial
statements of a company, government entity, other legal entity or
organization, and who is independent of the entity being audited.

MORE DESCRIPTION:

Network Activity Monitoring System:

A Network Activity Monitoring System (NAMS) is a security and monitoring solution used to track and analyze network traffic and activities within an organization’s computer network. The primary goal of a Network Activity Monitoring System is to enhance network security, detect potential threats, ensure compliance with security policies, and optimize network performance. Here are some key aspects and functionalities of a Network Activity Monitoring System:

Traffic Analysis: Activity Monitoring System tools capture and analyze network traffic data in real-time or near real-time. This includes monitoring data packets, flow records, and log files generated by network devices and applications.

Visibility: Activity Monitoring System provides visibility into the entire network infrastructure, including routers, switches, firewalls, servers, and endpoints. It helps organizations understand how data flows through their network and identify any anomalies or suspicious activities.

Security Monitoring: Activity Monitoring System is a critical component of a network’s security infrastructure. It can detect and alert on various security threats such as malware, viruses, intrusion attempts, data breaches, and suspicious user behavior.

Compliance: Many organizations, especially in regulated industries, must adhere to specific compliance standards (e.g., GDPR, HIPAA, PCI DSS). Network Activity Monitoring System can help ensure compliance by monitoring and reporting on activities that might violate these regulations.

Anomaly Detection: Activity Monitoring System employs machine learning and behavior analysis to identify unusual or abnormal network activities. It can raise alerts when it detects deviations from established baseline patterns.

Incident Response: In the event of a security incident or breach, Network Activity Monitoring System can provide valuable data and forensic analysis to aid in the investigation and remediation process. It helps security teams understand the scope and impact of an incident.

Network Performance Optimization: Activity Monitoring System can help IT administrators identify and resolve network performance issues. By monitoring bandwidth usage and identifying bottlenecks or inefficiencies, it assists in optimizing the network’s overall performance.

User and Application Monitoring: Activity Monitoring System tools can track individual user activities and application usage within the network. This information can be used for user behavior analysis and to ensure that applications are being used appropriately.

Reporting and Visualization: Activity Monitoring System typically provides reporting and visualization capabilities to help administrators and security teams gain insights from the collected data. This may include dashboards, charts, and historical data analysis.

Alerting and Notification: When suspicious or critical events occur, Network Activity Monitoring System can generate alerts and notifications to inform administrators or security teams in real-time, allowing for rapid response to potential threats.

Integration: Network Activity Monitoring System solutions often integrate with other security tools and systems, such as SIEM (Security Information and Event Management) platforms, firewalls, and antivirus solutions, to provide a comprehensive security ecosystem.

Data Retention: Activity Monitoring Systems can store historical network activity data for compliance, auditing, and forensic purposes. The length of data retention may vary based on organizational needs and legal requirements.

Overall, a Network Activity Monitoring System is a crucial component of modern network security and management. It helps organizations protect their data, ensure regulatory compliance, and maintain the integrity and performance of their networks. The choice of a specific Network Activity Monitoring System solution will depend on an organization’s size, needs, and budget.