Security Basics mailing list archives
Re: Height of paranoia
From: krymson () gmail com
Date: 29 Aug 2008 18:06:19 -0000
Whomever said you need to investigate more I fully agree with. Work to further verify how the data is being leaked. You can do some of the basic configuration changes as suggested by others, like the VLAN setup and mail encryption.

1) SPAN/monitor their port and capture all traffic to see if you can shake anything out that looks suspicious, especially after hours.

2) Turn up their file auditing and monitor it.

3) If you have a firewall or NIDS/HIDS on the device or elsewhere, try to have it flag when any system not expected tries to do interesting connections to it.

4) Interview the execs further. Could it be something as simple as their secretary knowing their password, having access to their mailbox (very common), or they're forwarding email to a home account? Are they on wireless? Try to pinpoint what leaked.

5) Can you have the exec(s) craft some test emails and send them out either to each other or to you or some fictitious external recipient? Make a Gmail account of something important-sounding, then have them send an email to them with an important-sounding subject and text like "Hey, this is my new secret venture..." along with a site URL. This URL should point to a server whose logs you can check. See if anyone stumbles upon it. If they do and it's your work IP as a hit, be ready to pull web proxy or gateway log files as well so you can further pinpoint who did it on the inside of your NAT.

6) Have him change his password, for sure.

7) Verify his patch level, malware scan the system, check running processes and installed software; obvious stuff I'm sure you've done.

BONUS: VPN isn't a security device? I'll bite. A VPN does provide some privacy when traversing an untrusted network, which, unless things have changed recently, does fit into the C in the traditional CIA triad...

Perhaps it is a device that links two persons/networks together and offers some security in doing so, but blanket statements about VPNs not being security devices are as misleading and false as saying VPNs are totally a security device.
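The decoy-URL check in point 5 comes down to reading the decoy server's access log for the canary path and noting which hits came from the office NAT address (those are the ones worth chasing in the proxy logs). The following is an added example, not code from the poster; the canary path, the office NAT address and the four Apache-style log lines are all constructed.

```python
import re
from datetime import datetime

# Constructed sample of "combined" format access-log lines from the decoy web server.
# Only /new-venture-brief is the canary path; the other requests are background noise.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Aug/2008:18:02:11 -0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [29/Aug/2008:22:41:09 -0000] "GET /new-venture-brief HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 7.0)"
203.0.113.7 - - [30/Aug/2008:01:15:32 -0000] "GET /new-venture-brief HTTP/1.1" 200 2048 "-" "curl/7.18"
198.51.100.4 - - [30/Aug/2008:09:03:44 -0000] "GET /robots.txt HTTP/1.1" 404 120 "-" "Googlebot"
"""

# Fields of one combined-format line: client IP, timestamp, request line, status, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return a dict for one log line, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def canary_hits(log_text, canary_path, office_nat_ips, work_hours=(8, 18)):
    """Collect every request for the canary path, tagging whether it came from the
    office NAT (assumed set of addresses) and whether it fell outside work hours."""
    start, end = work_hours
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != canary_path:
            continue
        rec["from_office"] = rec["ip"] in office_nat_ips
        rec["after_hours"] = not (start <= rec["ts"].hour < end)
        hits.append(rec)
    return hits

def needs_proxy_lookup(hits):
    """Hits from the office NAT: the timestamps to match against web proxy/gateway logs."""
    return [(h["ts"], h["ip"]) for h in hits if h["from_office"]]

if __name__ == "__main__":
    for h in canary_hits(SAMPLE_LOG, "/new-venture-brief", {"198.51.100.4"}):
        print(h["ts"], h["ip"], "office" if h["from_office"] else "external", h["ua"])
```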