Slashdot Mirror


Inside Symantec's 'Security Center'

dipfan writes "There's a fascinating view looking at Symantec's Virginia security centre, where the company defends its corporate clients' networks against those wicked hackers. Scary quote from the Washington Post article: 'The Alexandria facility is a private, miniature version of the kind of public Internet-monitoring capability the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure.'"

43 of 225 comments

  1. This is as it should be by ajs · · Score: 5, Insightful

    Well, if you were trying to stay one step ahead of the people breaking into systems, wouldn't you have a network with a bunch of honeypots and as much logging as you could manage?

    This is basic network security practice, no?

  2. Hacks originate? by Maeryk · · Score: 5, Funny

    Every five minutes or so, a giant, illuminated globe appears on the central screen and starts to rotate, displaying the locations worldwide where hackers are launching the most attacks.

    Yep.. most of it is New York, and most of the hits they are aiming for are that giant flashing thing on the rotating illuminated globe labeled "The Gibson".

    Then all the Symantec people skateboard around listening to Orbital.

    maeryk

    --
    Feminine Protection? What is that? A chartreuse flame thrower?
    1. Re:Hacks originate? by TedCheshireAcad · · Score: 3, Funny

      Yeah and their root password is god, and all of the "security professionals" have lame as 1337 n4m3z.

  3. What if they mess up? by dirvish · · Score: 3, Interesting

    If one of their clients' systems gets hosed do they just let them know and say sorry or do they have some kind of insurance?

    1. Re:What if they mess up? by stratjakt · · Score: 3, Interesting

      "If data is transmitted, she can see that, too -- and not only when it is moved by outsiders. Symantec has caught insiders improperly sending pre-merger details and pre-earnings data and has reported those findings to the employees' bosses."

      I'm sure they sign some NDAs and whatnot, but it might be awful tempting for a 30-40k a year 'analyst' to take that ball and run with it.

      --
      I don't need no instructions to know how to rock!!!!
  4. Heh... by Pig+Hogger · · Score: 5, Insightful

    The best corporate security policy starts by not boasting about the security procedures. Not for security by obscurity, but simply not to boast and make oneself a target for crackers.

    1. Re:Heh... by ajs · · Score: 5, Interesting

      Then again, the best source of network intrusion data is to boast about the quality of your security and then sit back and log the results :-)

      This is just a honeypot network, which if you think about it, is the only reasonable way for them to get the information they need on network intrusion.

    2. Re:Heh... by n3rd · · Score: 5, Insightful

      Then again, the best source of network intrusion data is to boast about the quality of your security and then sit back and log the results :-)

      This is just a honeypot network, which if you think about it, is the only reasonable way for them to get the information they need on network intrusion.


      Actually, this more than likely won't work too well.

      Their company says "We're a security company, come own our network!". What will happen? All the script kiddies will hit it, probably DoS it some and nothing new will be learned.

      The people who have new, unreleased or self created exploits and techniques won't hit the network because they know they are being watched. If they did they would in a sense be helping the enemy. If you were a blackhat would you try to own a self-proclaimed honeypot that belongs to a network security company and let them learn your secrets? I wouldn't.

  5. "Security Events" by Logic+Bomb · · Score: 4, Insightful

    Not that they're irrelevant to hacking by any means, but "security events" probably includes every time a ping attempt passes into the network. Saying they detect 15,000 "security events" per day is pretty good propaganda from a company looking to attract clients.

    1. Re:"Security Events" by Unknown+Relic · · Score: 5, Informative

      Why not include all of what you're quoting?

      'Big numbers are par for the course at the Alexandria center, where analysts detect more than 15,000 discrete "security events" against Symantec's clients every day. About 4,000 are deemed real hacker attacks after further analysis, company officials said.'

      Intrusion detection systems often return a fair number of false positive hits. All they're saying here is that their system returns 16,000 positive results, a little over 25% of which are actually cause for concern.

  6. It would be... by RebelTycoon · · Score: 5, Funny

    Bush administration wants the federal government to develop to protect the nation's electronic infrastructure

    It would be a tragedy should the terrorists win, destroy all the porn sites on the Internet. They think the US was pissed off with 9-11? Wait until we have no porn... They won't have a chance!

    1. Re:It would be... by Anonymous Coward · · Score: 3, Funny

      Are you retarded? Don't you know porn funds terrorism!?!?!?!

  7. Like Counterpane? by scubacuda · · Score: 3, Informative
    Looks a lot like what Counterpane does.

    On a side note:

    2003-01-09 09:20:20 Symantec's Security Central (articles,news) (rejected)

    (I'm not bitter!)

  8. Inside Linux's security center by Amsterdam+Vallon · · Score: 4, Funny

    ... three guys, two cases of beer, one bag of pretzels, and an NFL playoff game, neither of whom gives a crap about the latest virii because their operating system doesn't support them.

    --

    Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
    1. Re:Inside Linux's security center by sheriff_p · · Score: 5, Informative

      Despite killing any credibility you had by using the word 'virii', you might be interested in:

      Linux/Slapper
      Linux/Etap

      or any of the host of others (those are the most interesting in my eyes). But seriously, what is it with people saying that Linux is somehow invincible when it comes to viruses? An unpatched Windows box is no less secure than almost any unpatched BSD or Linux distro from six months ago (see: OpenSSH vulnerabilities).

      There's a great article about weenies who seem to think that their click-and-drool Mandrake install is somehow impenetrable here:

      http://www.virusbtn.com/magazine/archives/200209/linux_malware.xml

      --
      Score:-1, Funny
  9. Anyone else notice... by Anonymous Coward · · Score: 5, Informative

    That's nagios they have running up on the big screen in the picture of the center. As a side note, NTT/Verio uses Nagios for a lot of its monitoring as well. Their command centers always have at least one nagios view up.

  10. Rotating cubicle by ch-chuck · · Score: 5, Funny

    Sitting in a raised, rotating cubicle with built-in computer monitors and its own heat and light controls, Smishko pores over logs

    I'm astounded. I want a rotating cubicle. With a big knob marked 'angular velocity'. In radians per second.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
  11. Tom Clancy's Netforce by intrico · · Score: 5, Interesting

    I rented Tom Clancy's Netforce DVD not too long ago. It had a fictional depiction of a government Internet security monitoring task force and command center similar to what the Bush administration wants to create and what's pictured in the symantec article. The story was set around the year 2005, and they even mentioned that it was "after the second gulf war" - very prophetic indeed.

    1. Re:Tom Clancy's Netforce by LS · · Score: 4, Informative

      The center pictured in the article looks the way it does BECAUSE of past descriptions of security centers in popular media. If reporters weren't going to be visiting Symantec's security center, they wouldn't have the big monitor array, the dim lighting, and the fancy rotating "cubes".

      I'm not just talking out of my ass - I used to work for the Norton AntiVirus division, and the virus lab only ever had 2 or 3 people in it, but when the reporters came by, 15 of us would all shuffle in and happily type random characters on the keyboard.

      They also had a policy of not allowing any media that went into the virus lab to leave, except by a couple of armed guards who had their guns drawn as they took the evil floppies out of the lab. This was all a show for reporters as well...

      LS

      --
      There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie
  12. Oh I'm on a roll today! (And still off-topic) by Chocolate+Teapot · · Score: 5, Interesting

    "Symantec Corporation" is an anagram of "motto: conspiracy near"

    --
    Modest doubt is called the beacon of the wise. - William Shakespeare
  13. Video for you broadband folks by aengblom · · Score: 5, Informative

    The Post also has a video (real) up with interviews and some views inside the building.

    Web page

    http://www.washingtonpost.com/wp-srv/mmedia/washtech/010603-20v.htm

    Direct Link

    http://mfile.akamai.com/920/rm/thepost.download.akamai.com/920/washtech/010603-20v.ram

    --


    So close and yet so far from the world's perfect ID number
    1. Re:Video for you broadband folks by alexandre · · Score: 5, Funny

      Now, on the first few seconds you see the top manager entering his pin number while being filmed! How user-friendly is that to hackers? ;)

  14. I wonder by mao+che+minh · · Score: 3, Interesting
    I wonder how bad the prospect of a rapid gain of 5% of the home PC and 10% of the business workstation market by Linux scares companies like these? How bad do they fret over the fact that many, many servers running inherently insecure operating systems are being replaced by an operating system that has no need for them?

    It reminds me of something Roblimo wrote about the other day over at NewsForge, where he was standing in the software aisle of CompUSA looking at rows and rows of applications that exist to fix some deficiency with Windows. What will these companies do when Linux takes over?

  15. Re:They should use that map... by Jardine · · Score: 5, Interesting

    That got me thinking. How do they distinguish between real attacks and network admins testing things? If I decide to ping my home machine from work until it screams for mercy, does that show up on their map?

  16. map of the world?? by knowbody · · Score: 3, Funny

    clearly anybody that has a giant map of the world is trying to take it over.

    but billg is doing better because his is 3-d projected.

  17. scary - use encryption by Anonymous Coward · · Score: 5, Insightful

    This is a strong commentary on why you should use encryption all the time:

    If data is transmitted, she can see that, too -- and not only when it is moved by outsiders. Symantec has caught insiders improperly sending pre-merger details and pre-earnings data and has reported those findings to the employees' bosses.

    Of course, where I'm employed, it is company policy that you can be terminated on the spot if you use encryption (for example, encrypting your email or files - I wonder if this applies to using a compression algorithm which sort of encrypts it. Or if you compress files and lock them with a password).

    1. Re:scary - use encryption by Glytch · · Score: 4, Insightful

      Maybe the banning of encryption at your workplace has more to do with the "what if the only person with our critical data gets hit by a bus?" kind of scenario. That was the rationale at one job I worked at, I'm wondering if it's commonplace.

    2. Re:scary - use encryption by Scarblac · · Score: 3, Funny

      Maybe the banning of encryption at your workplace has more to do with the "what if the only person with our critical data gets hit by a bus?" kind of scenario.

      That problem is overhyped. A friend who works at a local software company got hit by a bus recently and he only broke an arm.

      --
      I believe posters are recognized by their sig. So I made one.
  18. Re:Symantec Internet Firewall by stevel · · Score: 3, Informative

    The firewall is reporting attempts to connect to a specific port on your system known to be used by a trojan exploit. It does not mean your system has the trojan. SubSeven has been around for a long time, but the identification as SubSeven is not definitive - that's just the name associated with connects to that particular numbered port.

    If you want food for thought, shut down your system and look at the data light on your cable modem (assuming you have one). If it's like mine, it flashes continuously, indicating attempted connects to your IP address. Those are typically coming from people running port scanners and virus-infected systems.

  19. Re:Symantec Internet Firewall by stratjakt · · Score: 3, Interesting

    No, you don't have the trojan, but it's reporting people who are scanning your PC to see if it's there.

    Subseven is a very real backdoor app, like BackOrifice. Once it's on your machine someone can connect to it and basically do whatever they want remotely. It's an 8th graders hacking tool.

    You really are getting scanned by those 8th graders 140 times a day, hoping the trojan might be there.

    Try joining a large chatroom on irc and see how many people auto-scan you.

    --
    I don't need no instructions to know how to rock!!!!
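
Added example, not part of the thread: the distinction drawn in comments 18 and 19, between a firewall alert that names a trojan because of the destination port and evidence that something on the host is answering on that port, as a small log classifier. The log format, addresses and sample lines are constructed, and 27374 is the commonly documented SubSeven default port rather than a value given in the thread.

```python
import re
from collections import Counter

# Port-to-name table of the kind a personal firewall uses to label alerts.
# Assumption: 27374 is the commonly documented SubSeven default, not from the thread.
PORT_LABELS = {27374: "SubSeven"}

LINE = re.compile(
    r"(?P<ts>\S+) (?P<dir>IN|OUT) (?P<action>DROP|ALLOW) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>\S+)"
)

# Constructed sample log: the format and the documentation-range addresses are made up.
SAMPLE_LOG = """\
2003-01-09T09:20:20 IN DROP TCP 198.51.100.7:4312 -> 192.0.2.10:27374 SYN
2003-01-09T09:20:21 IN DROP TCP 198.51.100.7:4313 -> 192.0.2.10:27374 SYN
2003-01-09T09:25:02 IN DROP TCP 203.0.113.44:1890 -> 192.0.2.10:27374 SYN
2003-01-09T09:26:40 OUT ALLOW TCP 192.0.2.10:3120 -> 203.0.113.80:80 SYN
2003-01-09T09:31:15 IN ALLOW TCP 203.0.113.99:2201 -> 192.0.2.10:27374 SYN
2003-01-09T09:31:15 OUT ALLOW TCP 192.0.2.10:27374 -> 203.0.113.99:2201 SYN-ACK
this line is truncated and must be skipped
"""

def classify(line, local_ip):
    """Return (verdict, label, remote_ip), or None for an unparseable line."""
    m = LINE.fullmatch(line.strip())
    if m is None:
        return None
    sport, dport, flags = int(m["sport"]), int(m["dport"]), m["flags"]
    if m["dir"] == "IN" and m["dst"] == local_ip and dport in PORT_LABELS and flags == "SYN":
        # Someone knocked on the labelled port; this says nothing about the local host.
        verdict = "probe-blocked" if m["action"] == "DROP" else "probe-allowed"
        return verdict, PORT_LABELS[dport], m["src"]
    if m["dir"] == "OUT" and m["src"] == local_ip and sport in PORT_LABELS and flags == "SYN-ACK":
        # The local host answered from the labelled port: something is listening there.
        return "listener-answered", PORT_LABELS[sport], m["dst"]
    remote = m["src"] if m["dir"] == "IN" else m["dst"]
    return "other", None, remote

def summarize(log_text, local_ip):
    """Count verdicts and probes per source; flag the host only on a listener reply."""
    verdicts, probes_by_source, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        result = classify(line, local_ip)
        if result is None:
            skipped += 1
            continue
        verdict, _label, remote = result
        verdicts[verdict] += 1
        if verdict.startswith("probe"):
            probes_by_source[remote] += 1
    return {
        "verdicts": dict(verdicts),
        "probes_by_source": dict(probes_by_source),
        "skipped": skipped,
        "investigate_host": verdicts["listener-answered"] > 0,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "192.0.2.10"))
```

Blocked probes only raise the per-source counts; the host is flagged for investigation only when it replies from the labelled port.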
  20. They're attacking Washington! by netsharc · · Score: 5, Funny

    22:30 Universal Time, Symantec Security Central, Alexandria, Virginia...

    Techie 1: "We're seeing massive traffic going into Washington.. it looks like an attack is happening."
    Techie 2: "Uh oh.. prepare anti-ddos measures. Where is it coming from?"
    Techie 1: "All over the world.. hmm, wait.. oh my god, most of it is coming from the US itself!! This is bad.. I'm tapping into their communication.."
    Techie 2: "What can you see?"
    Techie 1: "I can see some words, but they're not complete.."
    The screen blinks, the words "f.rs..p.st! Ea..ho. .gr.ts!.!" can be seen..

    --
    What time is it/will be over there? Check with my iPhone app!
  21. Rotating cubicle made by Poetic by CoderDevo · · Score: 5, Informative

    Poetic Technologies makes the rotating cubicle that they are using.

    Looks like they are using the full-featured Aura model. Yes, we should all have one.

  22. Re:"Security Events" - speaking of ping counts by BurKaZoiD · · Score: 3, Interesting

    Correct me if I'm smoking crack here (because I'm not a network person by any means, just a lowly programmer), but doesn't Norton AV Corporate version try to find clients on a local network by doing a lookup on port 38293 and if it doesn't find it there it tries a NetBios lookup?


    I wonder how many of those "pings" are caused by their own damn product?

  23. Define "Launchpad" by echucker · · Score: 3, Interesting

    On a recent Friday, the globe showed more than 16,000 attempted break-ins originating from the United States, which often ranks as the world's top launching pad for computer hackers. Brazil ranked No. 4 with 722 attacks. South Korea, Japan, Germany and Taiwan also frequently appear on Symantec's top 10 list for malicious computer activity.

    Soooo, does this mean the attack was orchestrated from said country, or the peon's compromised computers who actually do the attacking are located there?

  24. Re:They should use that map... by The+Turd+Report · · Score: 3, Informative

    It shows up as an attack. Companies that are going to have any intensive testing done (where 'intensive' means might bring down your circuit) you should alert your upstream as to when the test is to take place. Otherwise, it looks no different than any other run-of-the-mill attack. Maybe someday there will be a flag to set in the packets that denotes whitehat/blackhat hacking, but until then, call your provider.

  25. Interesting... The feds already use Symantec by soap.xml · · Score: 3, Interesting

    From the article: Symantec is known as the maker of the Norton anti-virus software that runs... snip ...Mid-size companies typically pay Symantec $1,000 to $2,000 a month to monitor their networks. The firm has big clients, too -- including 55 of the Fortune 500 companies -- and does work for several federal agencies.

    If the government comes up with a monitoring solution that is anything like what Symantec is already doing, and if several federal agencies are already using Symantec, it wouldn't be too surprising to see security monitoring and what not farmed out to these corporations.

    It would be interesting to see what comes from something like this. Who gets the contracts, and what "privs" do they get. What data are the corps allowed to get to, what are the restrictions on that data, and even worse, what they really do with it...

  26. Re:scary quote? by StevenMaurer · · Score: 4, Insightful

    I'm a Democrat, and no fan of the Bush administration, but this comment is certainly not Flamebait.

    The concept of catching people who deliberately intrude into other people's systems is much different from general snooping on people who are going about their daily business. Honeypots are not the problem. It's systems like Carnivore we need to be worried about.

  27. Scorpio by Shadow+Wrought · · Score: 4, Funny
    When questioned as to whether or not Symantec's control bunker was actually a facade for an operation bent on world domination, Symantec's CEO, going only by the name Scorpio, declined to comment.

    Although in fairness he did provide this reporter with sugar from his pocket and the Denver Broncos.

    --
    If brevity is the soul of wit, then how does one explain Twitter?
  28. Sure by KPU · · Score: 5, Funny

    All the blackhats will voluntarily label their packets as blackhat attacks so firewalls can drop them.

    1. Re:Sure by Scarblac · · Score: 3, Funny

      All the blackhats will voluntarily label their packets as blackhat attacks so firewalls can drop them.

      You don't understand. In the near future, with Palladium-enabled TCP/IP, networking will need a webcam which will register the colour of hat you're wearing, and there won't be anything you can do about it.

      --
      I believe posters are recognized by their sig. So I made one.
  29. Advertising in the Guise of Reporting by sweatyboatman · · Score: 5, Insightful

    They make it sound very Gibson-esque in there. But it's not clear what these people are actually doing (except raking in millions of dollars). They have fancy displays and lots of data mining, packet sniffing and tracing technology and they're preventing... What? Well, nobody really knows.

    Smoke and mirrors. Meanwhile you're being pumped for thousands a month. The price is quoted right in the article. A couple thousand a month seems reasonable. After all those Bulgarian hackers are vicious!

    If you're interested in that then let me tell you about my company.

    I've started a ghost-busting business. Using specially developed anti-ghost technology I am able to monitor minor disturbances along the walls of your house. From my Central Office of New Ghost Activity Monitoring Equipment I have been detecting thousands of intrusions each day! With the patented Spectral Tracking Universal Psychic Intrusion Detector, I can see all over the world and into the cosmos to detect super-natural invasions even before they occur.

    Ah! Even as we speak a spectral invasion fleet masses in Zaire to invade your kitchen!

    SweatyB

    --
    It breaks my pluginses, my precious!
  30. What do those people do? by azookeeper · · Score: 3, Funny

    What the heck do the staff there do? Couldn't they just replace the staff with a perl script?

  31. Please place your tongue on the screen Citizen. by Quixadhal · · Score: 3, Interesting

    'The Alexandria facility is a private, miniature version of the kind of public Internet-monitoring capability the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure.'

    Protect from whom?

    One of the basic assumptions of a firewall is that all the Bad Guys (TM) are on the outside. Implementing a Nation-wide monitoring station implies that you (a) believe all the Evil HaX0r's are foreign, or (b) you are willing to throw away any pretenses of respecting the privacy of your citizens.

    Both are stupid IMHO. If you want to be safe from Evil Internet Danger #37, *YOU* should firewall your machine against it... not expect some government agency to do it for you. This seems to be a basic problem with this generation... instead of standing up for their individual rights and doing things for themselves where possible, they whine at congress and get laws passed.

    <example #950>
    I recently started a bathroom repair project and have to replace the water faucets in my shower. I have the classic three-knob variant with hot, cold, and a valve to shunt the water into the tub or through the shower-head. I wanted to replace those with newer versions. Simple, right?

    NO! A law was passed a few years ago that makes it illegal to install this kind of faucet in Michigan. You have to use a pressure-balanced faucet to keep idiots from getting scalded when someone else in the house flushes a toilet.

    So, even if I live alone, I have to get a single-knob faucet (which I find harder to adjust) to protect me from an event which can't happen... and even if it did, wouldn't really bother me that much (Duh, step back from the now-hot water stream?).
    </example>

    I knew we were doomed when they banned the rugged all-metal Tonka trucks because parents were afraid their children would use them to beat each other senseless. Now we just render the kids senseless by raising them to be afraid of everything.