Internet Anthropologist Think Tank: One got through.

    Monday, December 21, 2009

    One got through.

    Nice setup: it got through the firewall,
    past anti-virus, and two scanners.

    Set off no penetration or security
    alarms.

    PARADIGM INTEL
    picked it up.
    We run significant demographic analysis
    on logs, and other anomaly testers.

    The paradigm intel really pissed
    me off: our security systems didn't
    pick it up.

    This freak statistic kept coming up
    and staring me in the face.
    Time and time again over a period
    of a few hours.

    And paradigm intel said we had
    a rootkit on one of our front line
    PCs.

    After 8 hrs of scans and tests,
    I was able to ID it. It got orders
    from a botnet.

    Our anti-key logger had been
    stopping it from sending any outgoing
    packets, but wasn't reporting
    it; it was only in the logs.

    Security has gotten so complicated;
    when all the switches aren't set right,
    your security system can be blocking
    attacks without you even knowing it.
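    The two points above, a filter that blocks but never alerts, and a statistical pass over the logs that catches what the alarms missed, can be shown in a small script. The following is an added example, not code from the original post or from the Internet Anthropologist site: it parses a constructed outbound-filter log (the format, host names, process names and addresses are all made up for illustration), counts BLOCK entries that left no alert trail, and flags destinations contacted on a near-regular schedule, which is what a bot-net check-in looks like when the only evidence is the log.

```python
"""
Added example (not from the original post): an anomaly pass over
constructed outbound-filter log lines. It looks for two things the
post describes: outbound traffic that was silently BLOCKed (logged,
never alerted on) and destinations contacted at a suspiciously
regular interval. Log format, hosts and addresses are all made up.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<date> <time> <ACTION> <host> <process> -> <dst:port>"
SAMPLE_LOG = """\
2009-12-21 08:00:02 ALLOW frontline-03 firefox.exe -> 203.0.113.10:80
2009-12-21 08:00:05 BLOCK frontline-03 svchost.exe -> 198.51.100.7:6667
2009-12-21 08:05:04 BLOCK frontline-03 svchost.exe -> 198.51.100.7:6667
2009-12-21 08:07:40 ALLOW frontline-03 firefox.exe -> 203.0.113.10:80
2009-12-21 08:10:06 BLOCK frontline-03 svchost.exe -> 198.51.100.7:6667
2009-12-21 08:15:03 BLOCK frontline-03 svchost.exe -> 198.51.100.7:6667
2009-12-21 08:20:05 BLOCK frontline-03 svchost.exe -> 198.51.100.7:6667
2009-12-21 08:22:11 ALLOW frontline-04 outlook.exe -> 203.0.113.25:443
2009-12-21 08:25:04 BLOCK frontline-03 svchost.exe -> 198.51.100.7:6667
2009-12-21 08:31:57 BLOCK frontline-04 outlook.exe -> 203.0.113.25:25
"""


def parse_log(text):
    """Parse the constructed log format into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7 or parts[5] != "->":
            continue
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        events.append({"ts": ts, "action": parts[2], "host": parts[3],
                       "process": parts[4], "dst": parts[6]})
    return events


def silent_blocks(events):
    """Count BLOCKed outbound attempts per (host, process, dst).
    A filter that blocks but never alerts leaves only this trail."""
    counts = defaultdict(int)
    for e in events:
        if e["action"] == "BLOCK":
            counts[(e["host"], e["process"], e["dst"])] += 1
    return dict(counts)


def beacon_candidates(events, min_events=4, max_jitter=0.2):
    """Flag (host, process, dst) tuples contacted at near-regular intervals.
    jitter = population stdev / mean of the gaps between consecutive attempts;
    human browsing is bursty (high jitter), a scheduled check-in is not."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["host"], e["process"], e["dst"])].append(e["ts"])
    findings = []
    for key, stamps in by_key.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            findings.append({"key": key, "count": len(stamps),
                             "period_s": round(avg), "jitter": round(jitter, 3)})
    return findings


def analyse(text):
    """Run both checks over a log and return the findings together."""
    events = parse_log(text)
    return {"silent_blocks": silent_blocks(events),
            "beacons": beacon_candidates(events)}


if __name__ == "__main__":
    for name, value in analyse(SAMPLE_LOG).items():
        print(name, value)
```

    On the sample log the single mail-port block from frontline-04 shows up as a one-off, while the svchost.exe entries on frontline-03 stand out twice: six silent blocks, and a 300-second period with almost no jitter. The thresholds (`min_events`, `max_jitter`) are assumptions for the example and would be tuned against a site's own baseline.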

    Paradigm Intel also spotted the Ghost
    riders we had a while back, which I posted
    about.

    The rootkit had a key logger and was
    tracking my movement on the web,
    and was using a key operating program
    to try and monitor my activities.

    My Grandfather used to say "Security
    is like living in a vice, the tighter it is
    the more security you have and the
    less freedom you have."

    It's not an easy balance between
    security and ease of use on the
    PC.

    On our XPs 40% of the CPU
    use is just security programs
    running.

    If you really tighten up security,
    then small useful things quit working.

    We have achieved a balance of sorts.
    Hot data, intel, is printed, as printing
    strips any possibility of passing anything
    bad along in printed form.

    And OCR is used to reconstitute the
    printed works back into a computer file,
    saved on a PC that has had its internet
    connections welded shut. You can't
    connect it to the Internet.

    The data is then deleted to NSA standards
    from the front line PC.

    Everything is cleaned up now, and we
    start on the back tracking to the prime user.

    Now the fun ensues: we were attacked.

    Gerald
    Tactical Internet Systems analyst
