One got through.
One got through.
Nice set up, got thru fire wall,
past anti-virus, and two scanners.
Set off no penetration or security
alarms.
PARADIGM INTEL
Picked it up,
We run significant demographic analysis
on logs, and other anomaly testers.
The paradigm intel really pissed
me off, our security systems didn't
pick it up.
This freak statistic kept coming up
and staring me in the face.
Time and time again over a period
of a few hours.
And paradigm intel said we had
a rootkit on one of our front line
PCs.
After 8 hrs of scans and tests,
I was able to ID it. It got orders
from a bot net.
Our anti-key logger had been
stopping it from sending any out
going pakets, but wasn't reporting
it, it was in the logs.
Security has gotten so complicated,
when all the switches aren't set right
your security system can be blocking
attacks without you even knowing it.
Paradigm Intel also spotted the Ghost
riders we had a while back I posted
about.
The rootkit had a key logger and was
tracking my movement on the web,
and was using a key operating program
to try and monitor my activities.
My Grandfather used to say "Security
is like living in a vice, the tighter it is
the more security you have and the
less freedom you have."
Its not an easy balance between
security and ease of use on the
PC.
On our XPs 40% of the CPU
use is just security programs
running.
If you really tighten up security
then small usefull things quit working.
We have achieved a balance of sorts.
Hot data, intel is printed, as printing
strips any possibility of passing any thing
bad in a printed form.
And ORC is used to reconstitute the
printed works back into a computer file
and saved on a PC that has had internet
connections welded shut. You can't
connect it to Internet.
The data is then deleted to NSA standards
from the front line PC.
Every thing is cleaned up now, and we
start on the back tracking to prime user.
Now the Fun ensues we were attacked.
Gerald
Tactical Internet Systems analyst
.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=606c4148-0ff9-419c-bdac-b2af3263e687)
Nice set up, got thru fire wall,
past anti-virus, and two scanners.
Set off no penetration or security
alarms.
PARADIGM INTEL
Picked it up,
We run significant demographic analysis
on logs, and other anomaly testers.
The paradigm intel really pissed
me off, our security systems didn't
pick it up.
This freak statistic kept coming up
and staring me in the face.
Time and time again over a period
of a few hours.
And paradigm intel said we had
a rootkit on one of our front line
PCs.
After 8 hrs of scans and tests,
I was able to ID it. It got orders
from a bot net.
Our anti-key logger had been
stopping it from sending any out
going pakets, but wasn't reporting
it, it was in the logs.
Security has gotten so complicated,
when all the switches aren't set right
your security system can be blocking
attacks without you even knowing it.
Paradigm Intel also spotted the Ghost
riders we had a while back I posted
about.
The rootkit had a key logger and was
tracking my movement on the web,
and was using a key operating program
to try and monitor my activities.
My Grandfather used to say "Security
is like living in a vice, the tighter it is
the more security you have and the
less freedom you have."
Its not an easy balance between
security and ease of use on the
PC.
On our XPs 40% of the CPU
use is just security programs
running.
If you really tighten up security
then small usefull things quit working.
We have achieved a balance of sorts.
Hot data, intel is printed, as printing
strips any possibility of passing any thing
bad in a printed form.
And ORC is used to reconstitute the
printed works back into a computer file
and saved on a PC that has had internet
connections welded shut. You can't
connect it to Internet.
The data is then deleted to NSA standards
from the front line PC.
Every thing is cleaned up now, and we
start on the back tracking to prime user.
Now the Fun ensues we were attacked.
Gerald
Tactical Internet Systems analyst
.
Labels: One got through.
posted by gerald at
12/21/2009 03:45:00 AM
READ MORE
READ OR SUBSCRIBE, Our WAR OSINT on Twitter
Tweet
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home