[EAS] [BC] EAS Zombie Attack

Alex Hartman goober at goobe.net
Wed Feb 13 12:24:50 CST 2013


Dave,

For me it's a lot of active packet scanning and stateful inspection
firewalls with several intrusion detection systems. I have to be very
proactive, being in a university setting on a state-owned network. It's
quite intense for the layman to grasp. Lots of audits. Even more
patching than Microsoft. Every machine I put into the network is
typically audited by me, then by the university IT staff, and finally
the state IT department. They have to do this simply because they are
the state; this would probably be overkill for 99% of stations out
there.

For remote administration I use OpenVPN and other remote desktop
solutions that utilize several mechanisms to employ security. Every
machine has at least 3 users, only 1 of which is an administrator account
in the Windows world. All the machines are authenticated against a
private RADIUS server versus the campus Active Directory system,
because we want to be segregated from the rest of the university. Even
the campus wireless system has a VLAN for itself so that wireless
users cannot get into our network. It sucks sometimes, but I'd rather
have the security than the convenience. We also employ a DMZ network
for a few machines that have to be internet accessible for one reason
or another. All my Comrex gear sits here, webcast, etc. They are
considered "untrusted" devices and there's a bastion host that
monitors the traffic passing from egress to ingress.

There are a lot of buzzwords in there, but they all do mean something,
and they cannot be easily explained in a single email to a list.

Even though I have all this technology in place to prevent intrusion,
there's one thing you can really never safeguard against, and that's
the human factor. You'd be surprised at the places people can get with a
little social engineering and a smile.

Pick up a few books from O'Reilly publishing. There are several books
there that will give you a good start; they even have "security for
dummies," which is pretty comprehensive. (www.ora.com)

It really comes from years of experience, and much like RF engineering
and cart decks, you typically have to reverse-engineer things to find
out how to fix them. The best way to fix something is to break it. :) Find
an old PC and load up some Linux software, Windows, etc., and try to
break into them from default... there are plenty of instruction manuals
online on how to do such things, then move on from there. You'll
quickly find yourself pretty deep in several command line windows,
watching a Wireshark feed at the same time while constructing hping
packets to manipulate the response.

It's not for the light-hearted. I started in IT in 1992... I was 12
years old, with SLIP accounts at universities all over the country,
backdooring old AT&T SYSV UNIX machines and UNIVACs. Then Linux
happened and BSD was there, Solaris, etc. Windows is what I use from
day to day, but with the hacker mentality, Windows typically doesn't
cut the mustard. There are several "underground" networks still in use
for the "old timers" (in computer years anyways) to communicate off
the grid.

It's very akin to the old phone phreaking community and those guys who
understood the phone system better than Ma Bell.

Sorry to be so long-winded, but it's not a simple question to answer. :)

--
Alex Hartman
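The segmentation described in the post above (an internal network reached remotely over OpenVPN, a wireless VLAN that cannot enter the internal network, a DMZ of "untrusted" internet-facing gear behind a stateful firewall) is easy to state in words and easy to get subtly wrong in a ruleset. The following is an added example, not code from the post or from any of the products it names: a small zone-based stateful packet filter in Python that models that policy and shows which flows it admits. The zone names, subnets, port numbers and sample packets are constructed assumptions for illustration.

```python
"""Zone-based stateful packet filter (added illustration, not the author's
real setup). Models: internal LAN, OpenVPN client subnet, isolated wireless
VLAN, DMZ of untrusted internet-facing devices, and the internet.
All addressing, ports and sample traffic below are constructed assumptions."""
import ipaddress
from dataclasses import dataclass

# Constructed zone layout (assumption; documentation/private ranges only).
ZONES = {
    "internal": ipaddress.ip_network("10.10.0.0/16"),
    "vpn":      ipaddress.ip_network("10.8.0.0/24"),    # OpenVPN clients
    "wireless": ipaddress.ip_network("10.20.0.0/16"),   # campus wireless VLAN
    "dmz":      ipaddress.ip_network("192.0.2.0/24"),   # webcast / codec gear
}

# Which zone may INITIATE a connection into which zone, and on which TCP
# ports ("*" = any). Pairs that are absent are dropped: notably
# wireless->internal (the isolated VLAN) and dmz->internal (untrusted
# devices may be reached from inside but must never call back in).
POLICY = {
    ("internal", "dmz"):      {"*"},
    ("internal", "internet"): {"*"},
    ("vpn", "internal"):      {22, 3389},  # admin only via the VPN subnet
    ("dmz", "internet"):      {"*"},       # streaming gear needs outbound
    ("internet", "dmz"):      {80, 443},   # only the published services
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool  # True for a connection-opening segment


def zone_of(ip):
    """Map an address to its zone; anything outside our ranges is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


class StatefulFilter:
    """Accept return traffic only for flows this filter saw being opened."""

    def __init__(self):
        self.state = set()  # established flows as (src, sport, dst, dport)
        self.log = []       # human-readable drop reasons (what an IDS would see)

    def filter(self, pkt):
        src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if src_zone == dst_zone:
            return "ACCEPT"  # intra-zone traffic never crosses the firewall
        if fwd in self.state or rev in self.state:
            return "ACCEPT"  # either direction of an established flow
        if not pkt.syn:
            # Non-SYN with no matching state: stray ACK/FIN or a stealth scan.
            self.log.append(f"DROP no-state {pkt.src}:{pkt.sport}->{pkt.dst}:{pkt.dport}")
            return "DROP"
        allowed = POLICY.get((src_zone, dst_zone), set())
        if "*" in allowed or pkt.dport in allowed:
            self.state.add(fwd)  # remember the flow so replies get through
            return "ACCEPT"
        self.log.append(f"DROP policy {src_zone}->{dst_zone} dport={pkt.dport}")
        return "DROP"


def run_demo():
    """Push constructed sample packets through the filter; returns the verdicts."""
    fw = StatefulFilter()
    samples = [
        Packet("198.51.100.7", "192.0.2.10", 40000, 443, syn=True),  # web hit on DMZ
        Packet("192.0.2.10", "198.51.100.7", 443, 40000, syn=False),  # its reply
        Packet("10.20.5.5", "10.10.1.1", 5000, 445, syn=True),        # wireless -> LAN
        Packet("192.0.2.10", "10.10.1.1", 5555, 22, syn=True),        # DMZ -> LAN
        Packet("10.8.0.6", "10.10.1.1", 51000, 3389, syn=True),       # VPN admin RDP
        Packet("198.51.100.9", "10.10.1.1", 1, 22, syn=False),        # stray ACK
    ]
    return [fw.filter(p) for p in samples], fw.log


if __name__ == "__main__":
    verdicts, log = run_demo()
    for v in verdicts:
        print(v)
    print("\n".join(log))
```

The point the model makes is the one the post makes in prose: the DMZ devices are "untrusted", so the policy lets the inside manage them and lets the internet reach only their published ports, but contains no rule letting them open anything toward the internal network, and the wireless VLAN is simply absent from the policy. Dropped packets are logged with a reason, which is the raw material an intrusion detection system or a bastion host's monitoring would work from.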