Inside Symantec's 'Security Center'
dipfan writes "There's a fascinating view looking at Symantec's Virginia security centre, where the company defends its corporate clients' networks against those wicked hackers. Scary quote from the Washington Post article: 'The Alexandria facility is a private, miniature version of the kind of public Internet-monitoring capability the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure.'"
On a side note:
2003-01-09 09:20:20 Symantec's Security Central (articles,news) (rejected)
(I'm not bitter!)
That's Nagios they have running up on the big screen in the picture of the center. As a side note, NTT/Verio uses Nagios for a lot of its monitoring as well. Their command centers always have at least one Nagios view up.
Why not include all of what you're quoting?
'Big numbers are par for the course at the Alexandria center, where analysts detect more than 15,000 discrete "security events" against Symantec's clients every day. About 4,000 are deemed real hacker attacks after further analysis, company officials said.'
Intrusion detection systems often return a fair number of false positive hits. All they're saying here is that their system returns 16,000 positive results, a little over 25% of which are actually cause for concern.
On that note, for those of you who missed the link at the bottom of the article, a video of the facility is also included:
Original Embedded Video Page
Direct Link
The video is in Real format.
The Post also has a video (Real) up with interviews and some views inside the building.
Web page: http://www.washingtonpost.com/wp-srv/mmedia/washtech/010603-20v.htm
Direct link: http://mfile.akamai.com/920/rm/thepost.download.akamai.com/920/washtech/010603-20v.ram
So close and yet so far from the world's perfect ID number
Despite killing any credibility you had by using the word 'virii', you might be interested in:
Linux/Slapper
Linux/Etap
or any of the host of others (those are the most interesting in my eyes). But seriously, what is it with people saying that Linux is somehow invincible when it comes to viruses? An unpatched Windows box is no less secure than almost any unpatched BSD or Linux distro from six months ago (see: OpenSSH vulnerabilities).
There's a great article about weenies who seem to think that their click-and-drool Mandrake install is somehow impenetrable here:
http://www.virusbtn.com/magazine/archives/200209/linux_malware.xml
The firewall is reporting attempts to connect to a specific port on your system known to be used by a trojan exploit. It does not mean your system has the trojan. SubSeven has been around for a long time, but the identification as SubSeven is not definitive - that's just the name associated with connects to that particular numbered port.
If you want food for thought, shut down your system and look at the data light on your cable modem (assuming you have one). If it's like mine, it flashes continuously, indicating attempted connects to your IP address. Those are typically coming from people running port scanners and virus-infected systems.
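The two points made above, that an IDS or firewall reports far more "events" than real attacks and that a hit on a port associated with SubSeven only tells you which port was probed, not that the host is infected, come down to a triage step. The following is an added example, not code from the article or from anyone in this thread: it parses constructed Netfilter-style log lines (the addresses, timestamps and the 27374/12345/31337 port table are assumed for illustration; SubSeven's default port 27374 is the one the comment above refers to), groups hits by source, and separates bulk scanners from the single source that keeps coming back to one trojan port on one host.

```python
"""Triage raw firewall events into scanner noise, background noise and
items worth a second look. Added example; log lines are constructed."""
import re
from collections import defaultdict

# Ports historically associated with old Windows backdoors. A connection
# attempt to one of these labels the PORT, not the local host: it says
# nothing about whether the host actually runs the trojan.
TROJAN_PORTS = {27374: "SubSeven", 12345: "NetBus", 31337: "Back Orifice"}

# Constructed Netfilter-style log lines for this example (RFC 5737 addresses).
SAMPLE_LOG = """\
Jan  6 10:00:01 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=21
Jan  6 10:00:01 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=22
Jan  6 10:00:02 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=80
Jan  6 10:00:02 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=27374
Jan  6 10:05:10 gw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=27374
Jan  6 10:05:40 gw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=27374
Jan  6 10:06:10 gw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=27374
Jan  6 10:09:00 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=27374
Jan  6 10:12:00 gw kernel: IN=eth0 SRC=203.0.113.20 DST=192.0.2.10 PROTO=UDP DPT=137
"""

LOG_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)"
)


def parse_events(lines):
    """Extract (src, dst, proto, dport) from each line that matches; skip the rest."""
    events = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            events.append({"src": m["src"], "dst": m["dst"],
                           "proto": m["proto"], "dpt": int(m["dpt"])})
    return events


def triage(events, scan_threshold=3, repeat_threshold=3):
    """Return a verdict per source address.

    A source touching many ports or many hosts is a sweeping scanner (noise).
    A source that repeatedly hits one known trojan port on one host is the
    thing an analyst should actually look at. Everything else is background.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    verdicts = {}
    for src, hits in by_src.items():
        ports = {(h["proto"], h["dpt"]) for h in hits}
        hosts = {h["dst"] for h in hits}
        if len(ports) >= scan_threshold or len(hosts) >= scan_threshold:
            verdicts[src] = "scan"
            continue
        proto, dpt = next(iter(ports)) if len(ports) == 1 else (None, None)
        name = TROJAN_PORTS.get(dpt) if proto == "TCP" else None
        if name and len(hits) >= repeat_threshold:
            verdicts[src] = f"review: repeated {name} port probe"
        elif name:
            verdicts[src] = f"noise: single {name} port hit"
        else:
            verdicts[src] = "noise"
    return verdicts


def summarize(log_text):
    """Count raw events versus sources that survive triage."""
    events = parse_events(log_text.splitlines())
    verdicts = triage(events)
    return {
        "events": len(events),
        "sources": len(verdicts),
        "review": sorted(s for s, v in verdicts.items() if v.startswith("review")),
    }


if __name__ == "__main__":
    for src, verdict in triage(parse_events(SAMPLE_LOG.splitlines())).items():
        print(f"{src:15} {verdict}")
    print(summarize(SAMPLE_LOG))
```

Nine raw events from four sources collapse to one source worth an analyst's time; the scanner that also touched 27374 is dismissed because it touched three other ports in the same second. Thresholds are deliberately crude; the point is that the "4,000 real attacks" figure is the output of a step like this, and that the SubSeven label on its own is just the port number with a name attached.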
Poetic Technologies makes the rotating cubicle that they are using.
Looks like they are using the full-featured Aura model. Yes, we should all have one.
Of course that light on the modem may also be indicating the ARP requests (plus the aforementioned scans, etc.) that are coming from your upline providers. Not everything on the net is necessarily evil. Some of it is just annoying.
It shows up as an attack. Companies that are going to have any intensive testing done (where 'intensive' means it might bring down your circuit) should alert their upstream as to when the test is to take place. Otherwise, it looks no different than any other run-of-the-mill attack. Maybe someday there will be a flag to set in the packets that denotes whitehat/blackhat hacking, but until then, call your provider.
Michael Loves Me!
Soooo, does this mean the attack was orchestrated from said country, or that the peons' compromised computers which actually do the attacking are located there?
The source IP address is in that country.
They couldn't know where the attacker is physically sitting without having access to the attacking system, checking the logs, checking the system the attacker came from and so on until they found the culprit.
If you don't have the $100k to sign up for Symantec, check out DShield.org and The Internet Storm Center to get it all for free, including the pretty pictures for the boss.
And his reply was a joke too, you humorless twat.
The center pictured in the article looks the way it does BECAUSE of past descriptions of security centers in popular media. If reporters weren't going to be visiting Symantec's security center, they wouldn't have the big monitor array, the dim lighting, and the fancy rotating "cubes".
I'm not just talking out of my ass - I used to work for the Norton AntiVirus division, and the virus lab only ever had 2 or 3 people in it, but when the reporters came by, 15 of us would all shuffle in and happily type random characters on the keyboard.
They also had a policy of not allowing any media that went into the virus lab to leave, except by a couple of armed guards who had their guns drawn as they took the evil floppies out of the lab. This was all a show for reporters as well...
LS