Internet Anthropologist Think Tank: One got through.

    Monday, December 21, 2009

    One got through.

    Nice setup, got through firewall,
    past anti-virus, and two scanners.

    Set off no penetration or security

    Picked it up.
    We run significant demographic analysis
    on logs, and other anomaly testers.

    The paradigm intel really pissed
    me off, our security systems didn't
    pick it up.

    This freak statistic kept coming up
    and staring me in the face.
    Time and time again over a period
    of a few hours.

    And paradigm intel said we had
    a rootkit on one of our front line

    After 8 hrs of scans and tests,
    I was able to ID it. It got orders
    from a bot net.

    Our anti-keylogger had been
    stopping it from sending any
    outgoing packets, but wasn't reporting
    it; it was in the logs.

    Security has gotten so complicated,
    when all the switches aren't set right
    your security system can be blocking
    attacks without you even knowing it.
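An added example, not code from this post or its systems, of the check the author describes: scanning log lines for outbound connections that a control kept blocking but never alerted on. The log format, host names and addresses are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in an assumed format:
# "<date> <time> <ACTION> <DIR> src=<host> dst=<ip>:<port>"
SAMPLE_LOG = """\
2009-12-21 01:05:12 ALLOW OUT src=ws-07 dst=203.0.113.10:80
2009-12-21 01:07:40 BLOCK OUT src=ws-03 dst=198.51.100.7:6667
2009-12-21 01:22:03 BLOCK OUT src=ws-03 dst=198.51.100.7:6667
2009-12-21 02:01:55 ALLOW OUT src=ws-03 dst=203.0.113.10:80
2009-12-21 02:37:18 BLOCK OUT src=ws-03 dst=198.51.100.7:6667
2009-12-21 03:04:29 BLOCK OUT src=ws-03 dst=198.51.100.7:6667
2009-12-21 03:10:00 BLOCK OUT src=ws-11 dst=192.0.2.44:443
2009-12-21 04:15:46 BLOCK OUT src=ws-03 dst=198.51.100.7:6667
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|BLOCK) (?P<dir>IN|OUT) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    return rec

def silent_block_report(log_text, min_hits=3, window_hours=6):
    """Group blocked outbound connections by (src, dst). A pair that keeps
    getting blocked inside the window is the 'freak statistic': something on
    that host is retrying an egress path the control denies, so it deserves an
    alert, not just a log line. Returns {(src, dst): count} over the threshold."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "BLOCK" and rec["dir"] == "OUT":
            hits[(rec["src"], rec["dst"])].append(rec["ts"])
    report = {}
    for key, stamps in hits.items():
        stamps.sort()
        # Hours between the first and last blocked attempt for this pair.
        span = (stamps[-1] - stamps[0]).total_seconds() / 3600
        if len(stamps) >= min_hits and span <= window_hours:
            report[key] = len(stamps)
    return report
```

Running `silent_block_report(SAMPLE_LOG)` on the constructed lines flags only ws-03, whose repeated blocked attempts to one destination would otherwise sit unnoticed in the log.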

    Paradigm Intel also spotted the Ghost
    riders we had a while back I posted

    The rootkit had a key logger and was
    tracking my movement on the web,
    and was using a key operating program
    to try and monitor my activities.

    My Grandfather used to say "Security
    is like living in a vice, the tighter it is
    the more security you have and the
    less freedom you have."

    It's not an easy balance between
    security and ease of use on the

    On our XPs 40% of the CPU
    use is just security programs

    If you really tighten up security
    then small useful things quit working.

    We have achieved a balance of sorts.
    Hot data, intel is printed, as printing
    strips any possibility of passing anything
    bad in a printed form.

    And OCR is used to reconstitute the
    printed works back into a computer file
    and saved on a PC that has had internet
    connections welded shut. You can't
    connect it to Internet.

    The data is then deleted to NSA standards
    from the front line PC.

    Everything is cleaned up now, and we
    start on the back tracking to prime user.

    Now the fun ensues: we were attacked.

    Tactical Internet Systems analyst
