Slashdot Mirror


Inside Symantec's 'Security Center'

dipfan writes "There's a fascinating view looking at Symantec's Virginia security centre, where the company defends its corporate clients' networks against those wicked hackers. Scary quote from the Washington Post article: 'The Alexandria facility is a private, miniature version of the kind of public Internet-monitoring capability the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure.'"

17 of 225 comments

  1. What if they mess up? by dirvish · · Score: 3, Interesting

    If one of their clients' systems gets hosed, do they just let them know and say sorry, or do they have some kind of insurance?

    1. Re:What if they mess up? by stratjakt · · Score: 3, Interesting

      "If data is transmitted, she can see that, too -- and not only when it is moved by outsiders. Symantec has caught insiders improperly sending pre-merger details and pre-earnings data and has reported those findings to the employees' bosses."

      I'm sure they sign some NDAs and whatnot, but it might be awful tempting for a 30-40k a year 'analyst' to take that ball and run with it.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:What if they mess up? by dev0n · · Score: 2, Interesting

      That's exactly what I thought when I read that. If they're reading all the emails going into and out of the companies that they monitor (which they must be doing to see that kind of information), then they're seeing a hell of a lot more than pre-merger details. NDAs are great and all, but that thought kinda scares me.

      It's bad enough knowing that our own admins do such things.. but an entire outside organization having access to all our correspondence?

      *shudder* I wish more people used encryption..

  2. Re:Heh... by ajs · · Score: 5, Interesting

    Then again, the best source of network intrusion data is to boast about the quality of your security and then sit back and log the results :-)

    This is just a honeypot network, which if you think about it, is the only reasonable way for them to get the information they need on network intrusion.

  3. Tom Clancy's Netforce by intrico · · Score: 5, Interesting

    I rented Tom Clancy's Netforce DVD not too long ago. It had a fictional depiction of a government Internet security monitoring task force and command center similar to what the Bush administration wants to create and what's pictured in the Symantec article. The story was set around the year 2005, and they even mentioned that it was "after the second gulf war" - very prophetic indeed.

  4. Oh I'm on a roll today! (And still off-topic) by Chocolate+Teapot · · Score: 5, Interesting

    "Symantec Corporation" is an anagram of "motto: conspiracy near"

    --
    Modest doubt is called the beacon of the wise. - William Shakespeare
  5. I wonder by mao+che+minh · · Score: 3, Interesting

    I wonder how bad the prospect of a rapid gain of 5% of the home PC and 10% of the business workstation market by Linux scares companies like these? How bad do they fret over the fact that many, many servers running inherently insecure operating systems are being replaced by an operating system that has no need for them?

    It reminds me of something Roblimo wrote about the other day over at NewsForge, where he was standing in the software aisle of CompUSA looking at rows and rows of applications that exist to fix some deficiency with Windows. What will these companies do when Linux takes over?

  6. Re:They should use that map... by Jardine · · Score: 5, Interesting

    That got me thinking. How do they distinguish between real attacks and network admins testing things? If I decide to ping my home machine from work until it screams for mercy, does that show up on their map?

  7. Symantec Internet Firewall by Anonymous Coward · · Score: 2, Interesting

    I have this sneaking suspicion about Symantec. Basically, I installed their "internet security package" or whatever it is, which includes a 6 month subscription or whatever it is. The logfiles show that I am attempted to be attacked by the "subseven" trojan about 140 times a day, though my system (apparently) is clean of this.

    Yet "subseven" gets almost no press anywhere else.

    My question is this: is subseven a Symantec marketing ploy to make me purchase the subscription?

    1. Re:Symantec Internet Firewall by stratjakt · · Score: 3, Interesting

      No, you don't have the trojan, but it's reporting people who are scanning your PC to see if it's there.

      Subseven is a very real backdoor app, like BackOrifice. Once it's on your machine someone can connect to it and basically do whatever they want remotely. It's an 8th grader's hacking tool.

      You really are getting scanned by those 8th graders 140 times a day, hoping the trojan might be there.

      Try joining a large chatroom on irc and see how many people auto-scan you.

      --
      I don't need no instructions to know how to rock!!!!
  8. Half open scanning... by marijnm · · Score: 2, Interesting

    hmmm,

    I wonder if they log half open scans too...

  9. Re:"Security Events" - speaking of ping counts by BurKaZoiD · · Score: 3, Interesting

    Correct me if I'm smoking crack here (because I'm not a network person by any means, just a lowly programmer), but doesn't Norton AV Corporate version try to find clients on a local network by doing a lookup on port 38293 and if it doesn't find it there it tries a NetBios lookup?


    I wonder how many of those "pings" are caused by their own damn product?

  10. Define "Launchpad" by echucker · · Score: 3, Interesting

    On a recent Friday, the globe showed more than 16,000 attempted break-ins originating from the United States, which often ranks as the world's top launching pad for computer hackers. Brazil ranked No. 4 with 722 attacks. South Korea, Japan, Germany and Taiwan also frequently appear on Symantec's top 10 list for malicious computer activity.

    Soooo, does this mean the attack was orchestrated from said country, or the peons' compromised computers who actually do the attacking are located there?

  11. Interesting... The feds already use Symantec by soap.xml · · Score: 3, Interesting

    From the article: Symantec is known as the maker of the Norton anti-virus software that runs... snip ...Mid-size companies typically pay Symantec $1,000 to $2,000 a month to monitor their networks. The firm has big clients, too -- including 55 of the Fortune 500 companies -- and does work for several federal agencies.

    If the government comes up with a monitoring solution that is anything like what Symantec is already doing, and if several federal agencies are already using Symantec, it wouldn't be too surprising to see security monitoring and what not farmed out to these corporations.

    It would be interesting to see what comes from something like this. Who gets the contracts, and what "privs" do they get. What data are the corps allowed to get to, what are the restrictions on that data, and even worse, what they really do with it...

  12. Why Is This Surprising? by Anonymous Coward · · Score: 1, Interesting

    The subject of this article shouldn't surprise anyone. Supposedly UUNET has been monitoring traffic in a NOC for years that would put the Symantec rotating cubicles and puny screens to shame. But then again, I doubt that UUNET lets reporters into their NOC.

    On a side note, did anyone else notice that the government "Homeland Security" proposal for Internet monitoring is not to be done by any governmental agency, but rather outsourced to the private sector? Think that this might be a way to salvage UUNET from the Worldcom junkpile, as well as keep the public Internet as we know it up and running?

  13. Re:Heh... by jez9999 · · Score: 2, Interesting

    *SARCASM OVERLOAD..... BOOM!!!!!*

    Seriously people, could you actually say what you mean rather than being ultra-sarcastic and expecting people to realise? There will come a point where they don't. There's a limit to how much sarcasm should be used in a post. Every sentence in the parent post is sarcastic, and the poster means the *exact* opposite of what he/she actually posted. At least, I think that's the case.

  14. Please place your tongue on the screen Citizen. by Quixadhal · · Score: 3, Interesting

    'The Alexandria facility is a private, miniature version of the kind of public Internet-monitoring capability the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure.'

    Protect from whom?

    One of the basic assumptions of a firewall is that all the Bad Guys (TM) are on the outside. Implementing a Nation-wide monitoring station implies that you (a) believe all the Evil HaX0r's are foreign, or (b) you are willing to throw away any pretenses of respecting the privacy of your citizens.

    Both are stupid IMHO. If you want to be safe from Evil Internet Danger #37, *YOU* should firewall your machine against it... not expect some government agency to do it for you. This seems to be a basic problem with this generation... instead of standing up for their individual rights and doing things for themselves where possible, they whine at congress and get laws passed.

    <example #950>
    I recently started a bathroom repair project and have to replace the water faucets in my shower. I have the classic three-knob variant with hot, cold, and a valve to shunt the water into the tub or through the shower-head. I wanted to replace those with newer versions. Simple, right?

    NO! A law was passed a few years ago that makes it illegal to install this kind of faucet in Michigan. You have to use a pressure-balanced faucet to keep idiots from getting scalded when someone else in the house flushes a toilet.

    So, even if I live alone, I have to get a single-knob faucet (which I find harder to adjust) to protect me from an event which can't happen... and even if it did, wouldn't really bother me that much (Duh, step back from the now-hot water stream?).
    </example>

    I knew we were doomed when they banned the rugged all-metal Tonka trucks because parents were afraid their children would use them to beat each other senseless. Now we just render the kids senseless by raising them to be afraid of everything.