Security Basics mailing list archives

Re: Height of paranoia


From: krymson () gmail com
Date: 29 Aug 2008 18:06:19 -0000

Whoever said you need to investigate more, I fully agree with. Work to further verify how the data is being leaked. You
can do some of the basic configuration changes as suggested by others, like the VLAN setup and mail encryption.

1) SPAN/monitor their port and capture all traffic to see if you can shake anything out that looks suspicious,
especially after hours.

2) Turn up their file auditing and monitor it.

3) If you have a firewall or NIDS/HIDS on the device or elsewhere, try to have it flag when any system not expected 
tries to do interesting connections to it.

4) Interview the execs further. Could it be something as simple as their secretary knowing their password, having 
access to their mailbox (very common), or they're forwarding email to a home account? Are they on wireless? Try to 
pinpoint what leaked.

5) Can you have the exec(s) craft some test emails and send them out either to each other or to you or some fictitious
external recipient? Make a Gmail account of something important-sounding, then have them send an email to them with an
important-sounding subject and text like "Hey, this is my new secret venture..." along with a site URL. This URL should
point to a server whose logs you can check. See if anyone stumbles upon it. If they do and it's your work IP as a hit,
be ready to pull web proxy or gateway log files as well so you can further pinpoint who did it on the inside of your
NAT.

6) Have him change his password, for sure.

7) Verify his patch level, malware scan the system, check running processes and installed software; obvious stuff I'm 
sure you've done.


BONUS: VPN isn't a security device? I'll bite. A VPN does provide some privacy when traversing an untrusted network,
which, unless things have changed recently, does fit into the C in the traditional CIA triad... Perhaps it is a device
that links two persons/networks together and offers some security in doing so, but blanket statements about VPNs not
being security devices are as misleading and false as saying VPNs are totally a security device.
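The canary-URL check in step 5 comes down to watching the web server's access log for anyone fetching the planted page and noting who, when, and from where. The script below is an added example and is not part of the original post; it assumes the canary page lives at a path we pick (the constructed `/venture/prospectus.html`), that the server writes Apache/nginx Combined Log Format, that the organisation's own NAT egress address is known (the constructed `198.51.100.23`), and an assumed business-hours window of 08:00 to 18:00. The log lines it parses are constructed for the example.

```python
"""
Find hits on a planted canary URL in a Combined Log Format access log.

Added example, not code from the original mailing-list post. Assumptions:
  - CANARY_PATH is the path embedded in the test e-mail (constructed value)
  - KNOWN_EGRESS holds the organisation's own NAT egress addresses (constructed)
  - business hours are 08:00-18:00 on weekdays, in the log's own timezone
"""
import re
from datetime import datetime, time

CANARY_PATH = "/venture/prospectus.html"   # assumption: path sent in the bait e-mail
KNOWN_EGRESS = {"198.51.100.23"}            # assumption: our own public/NAT address(es)

# Hits outside this window, or on a weekend, get the "after_hours" flag.
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)

# Apache/nginx "combined" format: ip ident user [ts] "req" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: one unrelated request, a canary hit from our own egress
# late on a Friday, a follow-up favicon fetch, a canary hit from elsewhere on a
# Saturday morning, and one unparseable line.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Aug/2008:10:15:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [29/Aug/2008:22:41:09 +0000] "GET /venture/prospectus.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 7.0)"
198.51.100.23 - - [29/Aug/2008:22:41:10 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/4.0 (compatible; MSIE 7.0)"
192.0.2.44 - - [30/Aug/2008:09:03:55 +0000] "GET /venture/prospectus.html?x=1 HTTP/1.1" 200 2048 "-" "curl/7.18.0"
this line is not a valid log entry and is skipped
"""


def parse_line(line: str):
    """Parse one Combined Log Format line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def is_after_hours(dt: datetime) -> bool:
    """True for weekend hits or hits outside the assumed business-hours window."""
    if dt.weekday() >= 5:          # Saturday or Sunday
        return True
    return not (BUSINESS_START <= dt.time() < BUSINESS_END)


def find_canary_hits(log_text: str, canary_path: str = CANARY_PATH, egress=KNOWN_EGRESS):
    """Return one record per request for the canary path, ignoring any query string."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].split("?", 1)[0] != canary_path:
            continue
        hits.append({
            "ip": rec["ip"],
            "ts": rec["ts"],
            "ua": rec["ua"],
            "after_hours": is_after_hours(rec["ts"]),
            # A hit from our own egress means the next step is the proxy/gateway logs
            # to find the internal source behind the NAT.
            "from_own_egress": rec["ip"] in egress,
        })
    return hits


if __name__ == "__main__":
    for h in find_canary_hits(SAMPLE_LOG):
        flags = []
        if h["after_hours"]:
            flags.append("after-hours")
        if h["from_own_egress"]:
            flags.append("from our NAT: check proxy/gateway logs")
        print(f'{h["ts"].isoformat()} {h["ip"]} "{h["ua"]}" {"; ".join(flags)}')
```

In practice the canary path should be something nobody would guess or crawl into by accident, and the same parser can be pointed at the proxy or gateway logs mentioned in step 5 to attribute a hit from the NAT address to an internal host.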

