Inside Symantec's 'Security Center'

← Back to Stories (view on slashdot.org)

Inside Symantec's 'Security Center'

Posted by Hemos on Thursday January 9, 2003 @09:49AM from the look-into-the-future dept.

dipfan writes "There's a fascinating view looking at Symantec's Virginia security centre, where the company defends its corporate clients' networks against those wicked hackers. Scary quote from the Washington Post article: 'The Alexandria facility is a private, miniature version of the kind of public Internet-monitoring capability the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure.'"

26 of 225 comments (clear)

This is as it should be by ajs · 2003-01-09 09:51 · Score: 5, Insightful

Well, if you were trying to stay one step ahead of the people breaking into systems, wouldn't you have a network with a bunch of honeypots and as much logging as you could manage?

This is basic network security practice, no?
Hacks originate? by Maeryk · 2003-01-09 09:51 · Score: 5, Funny

Every five minutes or so, a giant, illuminated globe appears on the central screen and starts to rotate, displaying the locations worldwide where hackers are launching the most attacks.

Yep.. most of it is new york, and most of the hits they are aiming for are that giant flashing thing on the rotating illuminated globe labeled "The Gibson".

Then all the Symantec people skateboard around listening to Orbital.

maeryk

--
Feminine Protection? What is that? A chartreuse flame thrower?
Heh... by Pig+Hogger · 2003-01-09 09:53 · Score: 5, Insightful

The best croporate security policy starts by not boasting about the security procedures. Not for security by obscurity, but simply not to boast and make oneself a target for crackers.
1. Re:Heh... by ajs · 2003-01-09 09:56 · Score: 5, Interesting
  
  Then again, the best source of network intrusion data is to boast about the quality of your security and then sit back and log the results :-)
  
  This is just a honeypot network, which if you think about it, is the only reasonable way for them to get the information they need on network intrusion.
2. Re:Heh... by n3rd · 2003-01-09 10:38 · Score: 5, Insightful
  
  Then again, the best source of network intrusion data is to boast about the quality of your security and then sit back and log the results :-)
  
  This is just a honeypot network, which if you think about it, is the only reasonable way for them to get the information they need on network intrusion.
  
  Actually, this more than likely won't work too well.
  
  Their company says "We're a security company, come own our network!". What will happen? All the script kiddies will hit it, probably DoS it some and nothing new will be learned.
  
  The people who have new, unreleased or self created exploits and techniques won't hit the network because they know they are being watched. If they did they would in a sense be helping the enemy. If you were a blackhat would you try to own a self-proclaimed honeypot that belongs to a network security company and let them learn your secrets? I wouldn't.
"Security Events" by Logic+Bomb · 2003-01-09 09:53 · Score: 4, Insightful

Not that they're irrelevant to hacking by any means, but "security events" probably includes every time a ping attempt passes into the network. Saying they detect 15,000 "security events" per day is pretty good propaganda from a company looking to attract clients.
1. Re:"Security Events" by Unknown+Relic · 2003-01-09 10:05 · Score: 5, Informative
  
  Why not include all of what you're quoting?
  
  'Big numbers are par for the course at the Alexandria center, where analysts detect more than 15,000 discrete "security events" against Symantec's clients every day. About 4,000 are deemed real hacker attacks after further analysis, company officials said.'
  
  Intrusion detection systems often return a fair number of false positive hits. All they're saying here is that their system returns 16,000 positive results, a little over 25% of which are actually cause for concern.
It would be... by RebelTycoon · 2003-01-09 09:53 · Score: 5, Funny

Bush administration wants the federal government to develop to protect the nation's electronic infrastructure

It would be a tragedy should the terrorists win, destroy all the porn sites on the Internet. They think the US was pissed off with 9-11? Wait until we have no porn... They won't have a chance!

--
Tournament Management Online &
Inside Linux's security center by Amsterdam+Vallon · 2003-01-09 09:55 · Score: 4, Funny

... three guys, two cases of beer, one bag of pretzels, and an NFL playoff game, neither of whom gives a crap about the latest virii because their operating system doesn't support them.

--

Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
1. Re:Inside Linux's security center by sheriff_p · 2003-01-09 10:30 · Score: 5, Informative
  
  Despite killing any credibility you had by using the word 'virii', you might be interested in:
  
  Linux/Slapper
  Linux/Etap
  
  or any of the host of others (those are the most interesting in my eyes). But seriously, what is it with people saying that Linux is somehow invincible when it comes to viruses? An unpatched Windows box is no less secure that almost any unpatched BSD or Linux distro from six months ago (see: OpenSSH vulnerabilities).
  
  There's a great article about weenies who seem to think that their click-and-drool Mandrake install is somehow impenetrable here:
  
  http://www.virusbtn.com/magazine/archives/200209/l inux_malware.xml
  
  --
  Score:-1, Funny
Anyone else notice... by Anonymous Coward · 2003-01-09 09:58 · Score: 5, Informative

That's nagios they have running up on the big screen in the picture of the center. As a side note, NTT/Verio uses Nagios for alot of it's monitoring as well. Their command centers always have at least one nagios view up.
Rotating cubicle by ch-chuck · 2003-01-09 10:01 · Score: 5, Funny

Sitting in a raised, rotating cubicle with built-in computer monitors and its own heat and light controls, Smishko pores over logs

I'm astounded. I want a rotating cubicle. With a big knob marked 'angular velocity'. In radians per second.

--
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Tom Clancy's Netforce by intrico · 2003-01-09 10:01 · Score: 5, Interesting

I rented Tom Clancy's Netforce DVD not too long ago. It had a fictional depiction of a government Internet security monitoring task force and command center similar to what the Bush administration wants to create and what's pictured in the symantec article. The story was set around the year 2005, and they even mentioned that it was "after the second gulf war" - very prophetic indeed.
1. Re:Tom Clancy's Netforce by LS · 2003-01-09 21:13 · Score: 4, Informative
  
  The center pictured in the article looks the way it does BECAUSE of past descriptions of security centers in popular media. If reporters weren't going to be visiting Symantec's security center, they wouldn't have the big monitor array, the dim lighting, and the fancy rotating "cubes".
  
  I'm not just talking out of my ass - I used to work for the Norton AntiVirus division, and the virus lab only ever had 2 or 3 people in it, but when the reporters came by, 15 of us would all shuffle in and happily type random characters on the keyboard.
  
  They also had a policy of not allowing any media that went into the virus lab to leave, except by a couple of armed guards who had their guns drawn as they took the evil floppies out of the lab. This was all a show for reporters as well...
  
  LS
  
  --
  There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie
Oh I'm on a roll today! (And still off-topic) by Chocolate+Teapot · 2003-01-09 10:13 · Score: 5, Interesting

"Symatec Corporation" Is an anagram of "motto: conspiracy near"

--
Modest doubt is called the beacon of the wise. - William Shakespeare
Video for you broadband folks by aengblom · 2003-01-09 10:19 · Score: 5, Informative

The Post also has a video (real) up with interviews and some views inside the building.

Web page

http://www.washingtonpost.com/wp-srv/mmedia/washte ch/010603-20v.htm

Direct Link

http://mfile.akamai.com/920/rm/thepost.download.ak amai.com/920/washtech/010603-20v.ram

--

So close and yet so far from the world's perfect ID number
1. Re:Video for you broadband folks by alexandre · 2003-01-09 10:47 · Score: 5, Funny
  
  Now, on the first few seconds you see the top manager entering his pin number while being filmed! How userfriendly is that to hackers? ;)
Re:They should use that map... by Jardine · 2003-01-09 10:23 · Score: 5, Interesting

That got me thinking. How do they distinguish between real attacks and network admins testing things. If I decide to ping my home machine from work until it screams for mercy, does that show up on their map?
scary - use encryption by Anonymous Coward · 2003-01-09 10:30 · Score: 5, Insightful

This is a strong commentary on why you should use encryption all the time:

If data is transmitted, she can see that, too -- and not only when it is moved by outsiders. Symantec has caught insiders improperly sending pre-merger details and pre-earnings data and has reported those findings to the employees' bosses.

Of course, where I'm employed, it is company policy that you can be terminated on the spot if you use encryption (for example, encrypting your email or files - I wonder if this applies to using a compression algorithm which sort of encrypts it. Or if you compress files and lock them with a password).
1. Re:scary - use encryption by Glytch · 2003-01-09 16:40 · Score: 4, Insightful
  
  Maybe the banning of encryption at your workplace has more to do with the "what if the only person with our critical data gets hit by a bus?" kind of scenario. That was the rationale at one job I worked at, I'm wondering if it's commonplace.
They're attacking Washington! by netsharc · 2003-01-09 10:35 · Score: 5, Funny

22:30 Universal Time, Symantec Security Central, Alexandria, Virginia...

Techie 1: "We're seeing massive traffic going into Washington.. it looks like an attack is happening."
Techie 2: "Uh oh.. prepare anti-ddos measures. Where is it coming from?"
Techie 1: "All over the world.. hmm, wait.. oh my god, most of it is coming from the US itself!!This is bad.. I'm tapping into their communication.."
Techie 2: "What can you see?"
Techie 1: "I can see some words, but they're not complete.."
The screen blinks, the words "f.rs..p.st! Ea..ho. .gr.ts!.!" can be seen..

--
What time is it/will be over there? Check with my iPhone app!
Rotating cubicle made by Poetic by CoderDevo · 2003-01-09 10:36 · Score: 5, Informative

Poetic Technologies makes the rotating cubicle that they are using.

Looks like they are using the full-featured Aura model. Yes, we should all have one.
Re:scary quote? by StevenMaurer · 2003-01-09 11:00 · Score: 4, Insightful

I'm a Democrat, and no fan of the Bush administration, but this comment is certainly not Flamebait.

The concept of catching people who deliberately intrude into other people's systems is a much different from general snooping on people who are going about their daily business. Honeypots are not the problem. It's systems like Carnivore we need to be worried about.
Scorpio by Shadow+Wrought · 2003-01-09 11:12 · Score: 4, Funny

When questioned as to whether or not Symantec's control bunker was actually a facade for an operation bent on world domination, Symantec's CEO, going only by the name Scorpio, declined to comment.
Although in fairness he did provide this reporter with sugar from his pocket and the Denver Broncos.

--
If brevity is the soul of wit, then how does one explain Twitter?
Sure by KPU · 2003-01-09 11:14 · Score: 5, Funny

All the blackhats will voluntairly label their packets as blackhat attacks so firewalls can drop them.
Advertising in the Guise of Reporting by sweatyboatman · 2003-01-09 11:41 · Score: 5, Insightful

They make it sound very Gibson-esque in there. But it's not clear what these people are actually doing (except raking in millions of dollars). They have fancy displays and lots of data mining, packet sniffing and tracing technology and they're preventing... What? Well, nobody really knows.

Smoke and mirrors. Meanwhile you're being pumped for thousands a month. The price is quoted right in the article. A couple thousand a month seems reasonable. After all those Bulgarian hackers are vicious!

If you're interested in that then let me tell you about my company.

I've started a ghost-busting business. Using specially developed anti-ghost technology I am able to monitor minor disturbances along the walls of your house. From my Central Office of New Ghost Activity Monitoring Equipment I have been detecting thousands of intrusions each day! With the pattented Spectral Tracking Universal Psychic Intrusion Detector, I can see all over the world and into the cosmos to detect super-natural invasions even before they occur.

Ah! Even as we speak a spectral invasion fleet masses in Zaire to invade your kitchen!

SweatyB

--
It breaks my pluginses, my precious!