Inside Symantec's 'Security Center'
dipfan writes "There's a fascinating view looking at Symantec's Virginia security centre, where the company defends its corporate clients' networks against those wicked hackers. Scary quote from the Washington Post article: 'The Alexandria facility is a private, miniature version of the kind of public Internet-monitoring capability the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure.'"
Well, if you were trying to stay one step ahead of the people breaking into systems, wouldn't you have a network with a bunch of honeypots and as much logging as you could manage?
This is basic network security practice, no?
Every five minutes or so, a giant, illuminated globe appears on the central screen and starts to rotate, displaying the locations worldwide where hackers are launching the most attacks.
Yep.. most of it is new york, and most of the hits they are aiming for are that giant flashing thing on the rotating illuminated globe labeled "The Gibson".
Then all the Symantec people skateboard around listening to Orbital.
maeryk
Feminine Protection? What is that? A chartreuse flame thrower?
If one of their clients' systems gets hosed, do they just let them know and say sorry, or do they have some kind of insurance?
FoundNews.com - get paid to blog.,
The best corporate security policy starts by not boasting about the security procedures. Not for security by obscurity, but simply not to boast and make oneself a target for crackers.
Not that they're irrelevant to hacking by any means, but "security events" probably includes every time a ping attempt passes into the network. Saying they detect 15,000 "security events" per day is pretty good propaganda from a company looking to attract clients.
Bush administration wants the federal government to develop to protect the nation's electronic infrastructure
It would be a tragedy should the terrorists win, destroy all the porn sites on the Internet. They think the US was pissed off with 9-11? Wait until we have no porn... They won't have a chance!
Tournament Management Online &
Peter Norton running around screaming "SOMEBODY ATE MY UNDERWEAR!!!" It really is a sight to behold.
So that's where all of those viruses have been originating from! Symantec has to justify their product's yearly updates somehow.
On a side note:
2003-01-09 09:20:20 Symantec's Security Central (articles,news) (rejected)
(I'm not bitter!)
... three guys, two cases of beer, one bag of pretzels, and an NFL playoff game, neither of whom gives a crap about the latest virii because their operating system doesn't support them.
Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
To man the government monitoring facility, maybe the new slavery bill, proposed by Rep. Rangel of New York, can be used to supply labor for the place.
See my homepage and/or journal for a more in-depth analysis of what Rangel is proposing. Hint, it ain't just for drafting soldiers.
Eve Fairbanks says I drive a hybrid!LOL
That's Nagios they have running up on the big screen in the picture of the center. As a side note, NTT/Verio uses Nagios for a lot of its monitoring as well. Their command centers always have at least one Nagios view up.
Linux doesn't get Word viruses; Symantec probably writes viruses to keep themselves in business; the Mac doesn't get viruses either; Microsoft is to blame.
N.B. Viruses.
Symantec needs to balance security concerns against the need to drum up business. This article was positive press, and doesn't give crackers anything substantive to work with. Seems fine to me.
Sitting in a raised, rotating cubicle with built-in computer monitors and its own heat and light controls, Smishko pores over logs
I'm astounded. I want a rotating cubicle. With a big knob marked 'angular velocity'. In radians per second.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
I rented Tom Clancy's Netforce DVD not too long ago. It had a fictional depiction of a government Internet security monitoring task force and command center similar to what the Bush administration wants to create and what's pictured in the symantec article. The story was set around the year 2005, and they even mentioned that it was "after the second gulf war" - very prophetic indeed.
oh no, bush wants to protect our tech infrastructure.
is everything the government wants to do automatically bad here? how about the idea of someone protecting our infrastructure.... good!
the little additions every editor always skews the hell out of the conversation.
What if the headline read, "Bush administration finally takes internet security seriously and forms unit to protect infrastructure". Wow, now it's good.
If I said they were using Linux, you'd be writing Bush thank-you letters.
There's nothing Intelligent about Intelligent Design.
I wonder what skills people need to become employed there.
"Natalie Smishko, 25, is typical of the analysts. Sitting in a raised, rotating cubicle with built-in computer monitors and its own heat and light controls."
Rotating cubicle with built in computer monitors? Sounds devious to me. Probably just down the hall from the room where they create and distribute the viruses that make their business so important... j/k
...to pinpoint slashdotted servers. It would give the term "Scorched Earth" a whole new meaning...
~~~
"The slave thinks he is released from bondage, only to find a stronger set of chains" - NIN
"Inside a cavernous room on the first floor there, security analysts for Symantec sit in long, curved rows 24 hours a day, working on computers and facing a wall of theater-size screens."
I guess regular firewalls can't protect the millions of bugs in Windows from being exploded anymore. Hmmm, pay "Mid-size companies typically pay Symantec $1,000 to $2,000 a month" or switch to a more secure free OS?
"Symatec Corporation" Is an anagram of "motto: conspiracy near"
Modest doubt is called the beacon of the wise. - William Shakespeare
washingtonpost.com also features a short video look inside the Symantec operations center in Alexandria, Va.
The Post also has a video (real) up with interviews and some views inside the building.
Web page
http://www.washingtonpost.com/wp-srv/mmedia/washtech/010603-20v.htm
Direct Link
http://mfile.akamai.com/920/rm/thepost.download.akamai.com/920/washtech/010603-20v.ram
So close and yet so far from the world's perfect ID number
I've logged 4k+ "denied" messages on my firewall today, and that doesn't include a lot of stuff that would otherwise be included because I've stuffed it on my border router and it never hits the firewall (eg, sqlsnake).
I get swept on about a dozen different ports (depending on what the script-kiddie-exploit-du-jour is) on a daily basis. Are these a single event or do I count the number of nodes they tried to sweep?
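The counting question raised above (one event per sweep, or one per node probed?), worked through as an added example that is not part of any comment in this thread. The log format, the addresses and the `gap` and `sweep_min_hosts` thresholds are assumptions made for illustration, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample: "epoch_seconds src_ip dst_ip dst_port action".
# Hypothetical layout, not any real firewall's log format.
SAMPLE_LOG = """\
1000 198.51.100.7 192.0.2.1 1433 DENY
1001 198.51.100.7 192.0.2.2 1433 DENY
1002 198.51.100.7 192.0.2.3 1433 DENY
1003 198.51.100.7 192.0.2.4 1433 DENY
1010 203.0.113.9 192.0.2.1 27374 DENY
1011 203.0.113.9 192.0.2.1 27374 DENY
1500 198.51.100.7 192.0.2.5 1433 DENY
1600 192.0.2.50 192.0.2.1 80 ALLOW
"""


def parse(line):
    """Split one log line into typed fields."""
    ts, src, dst, port, action = line.split()
    return int(ts), src, dst, int(port), action


def count_events(log_text, gap=300, sweep_min_hosts=3):
    """Count the same denied packets three ways: raw, per target, per burst.

    gap: seconds of silence after which a source's probes on the same
         port are treated as a new burst (assumed threshold).
    sweep_min_hosts: distinct targets in one burst before it is called
         a sweep rather than a retry (assumed threshold).
    """
    groups = defaultdict(list)  # (src, port) -> [(ts, dst), ...]
    raw = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action = parse(line)
        if action != "DENY":
            continue
        raw += 1
        groups[(src, port)].append((ts, dst))

    per_target = 0
    bursts = []
    for (src, port), hits in groups.items():
        hits.sort()
        per_target += len({dst for _, dst in hits})
        burst = [hits[0]]
        for prev, cur in zip(hits, hits[1:]):
            if cur[0] - prev[0] > gap:  # silence longer than gap: new burst
                bursts.append((src, port, burst))
                burst = []
            burst.append(cur)
        bursts.append((src, port, burst))

    sweeps = []
    for src, port, burst in bursts:
        hosts = len({dst for _, dst in burst})
        if hosts >= sweep_min_hosts:
            sweeps.append((src, port, hosts))
    return {"raw_denies": raw, "per_target": per_target,
            "bursts": len(bursts), "sweeps": sweeps}


if __name__ == "__main__":
    print(count_events(SAMPLE_LOG))
```

The same seven denied packets come out as 7, 6 or 3 "events" depending on the unit chosen, which is why a headline count means little without the definition behind it.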
It reminds me of something Roblimo wrote about the other day over at NewsForge, where he was standing in the software aisle of CompUSA looking at rows and rows of applications that exist to fix some deficiency with Windows. What will these companies do when Linux takes over?
clearly anybody that has a giant map of the world is trying to take it over.
but billg is doing better because his is 3-d projected.
Yet "subseven" gets almost no press anywhere else.
My question is this: is subseven a symantec marketing ploy to make me purchase the subscription?
hmmm,
I wonder if they log half open scans too...
Symantec and their team of tame virus writers know crap about what is really happening in the "hax0r" world.
0day exploits are what the corporate world should be fearing. Instead people like Symantec and McAfee have scared the world into thinking that viruses are taking over the world, when in truth it's almost certainly them writing the damn things.
They have a network of honeypots in their offices and some companies around the world, and from them they decide what is going on in the world. Nonsense.
Auto-rooters and A or B class network scanners are running rampant on the net, and Symantec can do SHIT to stop it, no matter how much you pay them.
This is a strong commentary on why you should use encryption all the time:
If data is transmitted, she can see that, too -- and not only when it is moved by outsiders. Symantec has caught insiders improperly sending pre-merger details and pre-earnings data and has reported those findings to the employees' bosses.
Of course, where I'm employed, it is company policy that you can be terminated on the spot if you use encryption (for example, encrypting your email or files - I wonder if this applies to using a compression algorithm which sort of encrypts it. Or if you compress files and lock them with a password).
And there's no bugs whatsoever in Linux or even security exploits for that matter. You're just as vulnerable running an unpatched Linux box as you are a Windows box. For large companies it might be more cost effective to pay someone else to handle the security, but I guess you never thought of that. Typical zealot trash.
Only the State obtains its revenue by coercion. - Murray Rothbard
22:30 Universal Time, Symantec Security Central, Alexandria, Virginia...
Techie 1: "We're seeing massive traffic going into Washington.. it looks like an attack is happening."
Techie 2: "Uh oh.. prepare anti-ddos measures. Where is it coming from?"
Techie 1: "All over the world.. hmm, wait.. oh my god, most of it is coming from the US itself!! This is bad.. I'm tapping into their communication.."
Techie 2: "What can you see?"
Techie 1: "I can see some words, but they're not complete.."
The screen blinks, the words "f.rs..p.st! Ea..ho..gr.ts!.!" can be seen..
What time is it/will be over there? Check with my iPhone app!
Poetic Technologies makes the rotating cubicle that they are using.
Looks like they are using the full-featured Aura model. Yes, we should all have one.
Correct me if I'm smoking crack here (because I'm not a network person by any means, just a lowly programmer), but doesn't Norton AV Corporate version try to find clients on a local network by doing a lookup on port 38293 and if it doesn't find it there it tries a NetBios lookup?
I wonder how many of those "pings" are caused by their own damn product?
Spread the RC luvin'
On a recent Friday, the globe showed more than 16,000 attempted break-ins originating from the United States, which often ranks as the world's top launching pad for computer hackers. Brazil ranked No. 4 with 722 attacks. South Korea, Japan, Germany and Taiwan also frequently appear on Symantec's top 10 list for malicious computer activity.
Soooo, does this mean the attack was orchestrated from said country, or the peons' compromised computers who actually do the attacking are located there?
This could be dangerous, imagine if a kid from Seattle hacked in while looking for a games manufacturer or something. He could make the system think it's being attacked and prompt a retaliatory strike.
... so do attacks get marked with big circle and a subwoofer rumble then?
I *think* they're talking about monitoring the Internet to defend (somehow) against a concerted effort to disrupt communication -- not the TIA collection of data on people.
/. certainly, but not the whole thing...
Though I suppose anything can be abused.
I think if the terrorists want to hurt us, they won't bother with the Internet in the way currently employed by 14 y.o. kids. They'd blow up
From the article: Symantec is known as the maker of the Norton anti-virus software that runs... snip ...Mid-size companies typically pay Symantec $1,000 to $2,000 a month to monitor their networks. The firm has big clients, too -- including 55 of the Fortune 500 companies -- and does work for several federal agencies.
If the government comes up with a monitoring solution that is anything like what Symantec is already doing, and if several federal agencies are already using Symantec, it wouldn't be too surprising to see security monitoring and what not farmed out to these corporations.
It would be interesting to see what comes from something like this. Who gets the contracts, and what "privs" do they get. What data are the corps allowed to get to, what are the restrictions on that data, and even worse, what they really do with it...
At last a legitimate reason NOT to spell check SlashPosts, this would make anagrams easy you just add or omit the letters necessary!
:P
All your anagrams are belong to us!
-Jason
Step by step instructions to building your own rotating cubicle.
FRA: STFU GTFO
My God... for those of you who've seen the article, isn't that a giant yellow jacket behind the middle chair? These guys really do work for Symantec.
Someone asked me this and I laughed, "My question is, do they have a captain's chair where a Symantec security officer can casually command the launching of electronic countermeasures?" :)
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
I've always been frustrated by the media's fixation and complete lack of understanding when it comes to the country an attack is coming from. I don't think they understand that you don't have to be sitting at the computer to use it. Hopefully Symantec just has it up for show, like a screen saver, and not using it to try to direct policy, but you never know...
Travis
Although in fairness he did provide this reporter with sugar from his pocket and the Denver Broncos.
If brevity is the soul of wit, then how does one explain Twitter?
Maybe, in America, you should learn to speak English. You pathetic twit.
All the blackhats will voluntarily label their packets as blackhat attacks so firewalls can drop them.
It does something like this. My workstation at work is constantly getting scanned by "Norton AV."
They make it sound very Gibson-esque in there. But it's not clear what these people are actually doing (except raking in millions of dollars). They have fancy displays and lots of data mining, packet sniffing and tracing technology and they're preventing... What? Well, nobody really knows.
Smoke and mirrors. Meanwhile you're being pumped for thousands a month. The price is quoted right in the article. A couple thousand a month seems reasonable. After all those Bulgarian hackers are vicious!
If you're interested in that then let me tell you about my company.
I've started a ghost-busting business. Using specially developed anti-ghost technology I am able to monitor minor disturbances along the walls of your house. From my Central Office of New Ghost Activity Monitoring Equipment I have been detecting thousands of intrusions each day! With the patented Spectral Tracking Universal Psychic Intrusion Detector, I can see all over the world and into the cosmos to detect super-natural invasions even before they occur.
Ah! Even as we speak a spectral invasion fleet masses in Zaire to invade your kitchen!
SweatyB
It breaks my pluginses, my precious!
The Internet is a communications network as defined in the National Security Act. Therefore it is 0wnx0r3d by design (remember DARPA?).
There's always been a thick wall between national security and law enforcement in the US, which is why the government has to play stupid about Cryptome's logs instead of just pulling the information up in less than a second.
The purpose of TIA is to dissolve the wall and admit it. Everything that freaks people out about it already exists and is in place and always has been.
The Alexandria facility is a private, miniature version of the kind of public Internet-monitoring capability the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure.
For some reason I pictured something with horses, big hats and shotguns. Oh yeah, and some people walking funny in cowboy boots, protecting ya all/ya oil from them bad guys
"Symantec's Virginia security centre"
WTF is up with the french out of nulle part?
Oops! I just did it too! That means "nowhere," and just like CENTRE, even though it's spelled differently and the french SAY it differently, you still pronounce it "nowhere."
Check it out! That makes me a l33t european!
Fucking assholes. Only FRENCH people should compose in FRENCH you fucking morons.
Wow, I can't believe I used so many apostrophes.
Anyway, what's scary about protecting the national IT infrastructure? I mean, as long as they aren't spying on people or whatnot, shouldn't that stuff be monitored?
Automated tools like firewalls and stuff can't be perfect, so it's a good idea to have people looking out for aberrant traffic. (Perhaps the future of hacking will be in making intrusions unnoticeable...)
autopr0n is like, down and stuff.
So. This is where they come up with the viruses to infect our computers and inflate the sales of their anti-virus software?
The root word virus is latin, the "es" is derived from anglo-saxon plural. Only penises (sic) would want to make a point about something that is etymologically incorrect. pfft - I blame Microsoft Word.
Inside Symantec's Virus Writi^H^H^H^H^H^H^H^H^ Security Center.
If you don't have the $100k to sign up for Symantec, check out DShield.org and The Internet Storm Center to get it all for free, including the pretty pictures for the boss.
Am I smoking crack, or is that NetSaint/Nagios in the picture to the left of the globe???
--
Vote for your hopes, not for your fears - Vote Third Party
On a side note, did anyone else notice that the government "Homeland Security" proposal for Internet monitoring is not to be done by any governmental agency, but rather outsourced to the private sector? Think that this might be a way to salvage UUNET from the Worldcom junkpile, as well as keep the public Internet as we know it up and running?
You'll never hear them refer to something as "the Clinton Administration's DMCA", but you'll frequently see things like "the Bush Administration's public Internet-monitoring".
What the heck do the staff there do? Couldn't they just replace the staff with a perl script?
Funny bit about the mention of being able to monitor things coming from WITHIN the client's network. You would think anyone intelligent/willing to commit electronic espionage would at least be smart enough to burn the data to a pocket CD-R and take it home and transfer it from there. And if the workstation isn't equipped with a CD-RW drive, they make some dang small portable drives (Plextor makes one the size of a discman that even comes in a very cd-player like case, wouldn't think that would be hard to sneak in), or click drives, or maybe even a floppy if you're transferring something small enough (spanned over multiple disks even?).
The point is, anyone stupid enough to transmit company data from WITHIN the company's network deserves whatever they get.
"The saddest words of mice and men, are not those which were, but should have been."
Nagios (aka The software formerly known as Netsaint) can be seen clearly on the left hand side of the picture in the article. Looks like Symantec recognises a quality piece of software when they see it.
Slogan seen above entry door:
THERE'S NO FIGHTING IN THE WAR ROOM!
Who knows what movie that's from?
-ted
Now unless i'm totally wrong, worms CAN'T travel IN IMAGES. They can be seen as pics by some window managers hiding the
Tsuyoikoto ha taisetsu da ne, dakedo namida mo hitsuyousa (Strength is an important thing, but tears too are necessary)
"[...]the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure".
Am I the only one who sees a contradiction here? The article plainly states "On a recent Friday, the globe showed more than 16,000 attempted break-ins originating from the United States, which often ranks as the world's top launching pad for computer hackers. Brazil ranked No. 4 with 722 attacks. South Korea, Japan, Germany and Taiwan also frequently appear on Symantec's top 10 list for malicious computer activity."
So unless the Bush administration wants to protect OTHER countries from US "hackers", we have a problem here...
[on a side note, I don't see any of the "axes of evil"'s countries in the list.. ]
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
'The Alexandria facility is a private, miniature version of the kind of public Internet-monitoring capability the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure.'
Protect from whom?
One of the basic assumptions of a firewall is that all the Bad Guys (TM) are on the outside. Implementing a Nation-wide monitoring station implies that you (a) believe all the Evil HaX0r's are foreign, or (b) you are willing to throw away any pretenses of respecting the privacy of your citizens.
Both are stupid IMHO. If you want to be safe from Evil Internet Danger #37, *YOU* should firewall your machine against it... not expect some government agency to do it for you. This seems to be a basic problem with this generation... instead of standing up for their individual rights and doing things for themselves where possible, they whine at congress and get laws passed.
<example #950>
I recently started a bathroom repair project and have to replace the water faucets in my shower. I have the classic three-knob variant with hot, cold, and a valve to shunt the water into the tub or through the shower-head. I wanted to replace those with newer versions. Simple, right?
NO! A law was passed a few years ago that makes it illegal to install this kind of faucet in Michigan. You have to use a pressure-balanced faucet to keep idiots from getting scalded when someone else in the house flushes a toilet.
So, even if I live alone, I have to get a single-knob faucet (which I find harder to adjust) to protect me from an event which can't happen... and even if it did, wouldn't really bother me that much (Duh, step back from the now-hot water stream?).
</example>
I knew we were doomed when they banned the rugged all-metal Tonka trucks because parents were afraid their children would use them to beat each other senseless. Now we just render the kids senseless by raising them to be afraid of everything.
So you see Antonio, why worry about one little core dump, eh? In reality
all core dumps happen at the same instant, so the core dump you will have
tomorrow, why, it already happened. You see, it's just a little universal
recursive joke which threads our lives through the infinite potential of
the instant. So go to sleep, Antonio, your thread could break any moment
and cast you out of the safe security of the instant into the dark void of
eternity, the anti-time. So go to sleep...
- this post brought to you by the Automated Last Post Generator...