Internet Security

Hey guys, not sure if this is the best place for this thread; unless I'm blind there's no internet security thread, I am quite blind though! :D

Anyway, I'm at work at the moment and need some advice - last night my company had a random person log in to one of our hardware supplier accounts and order £10,000 of stock on our card. We've stopped it all and had the transaction reversed but we think the person who orders stock may have been keylogged.

I've installed a new firewall on the server rack, scanned every PC and got brand new ESET Endpoint for all clients. Does anyone know if there's any way to test our security now? I want to see what would happen if someone tried to hack/gain access to my PC now, hopefully they won't stand a chance :D

I've tried a site called PC flank, but I have no idea how tough that is.

If anyone fancies a crack at getting in, feel free, I wanna see if we're safe! :)

Gogo -> 188.39.78.12 <- :D
 
You need to nail down what actually happened. You *think* it *may* be a keylogger at work, but you'll learn a lot from the details.

You say a random person logged in, was it a valid employee account? By "last night" do you mean literally out of hours? If so, accounts should be disabled outside working hours etc.

If you post more info I can give more advice. :)
 

Well my MD had an email come through about 4pm saying thanks for your order, same as normal procedure, except the name and address were something totally unfamiliar, and my MD is the only one who orders hardware, so naturally we were like, uh-oh!

His PC has had a few viruses recently but we thought we cleaned it all up after running a myriad of virus removal tools and rootkit scanners together.

We also noticed emails regarding this were disappearing from his PC randomly, changed his Office 365 password and disconnected his PC from the internet straight away whilst calling the police. As I said, it's all under control now but I want to know if we are secure now! :)
 
This is hardly surprising if the network was already compromised. You should re-image his machine and consider hiring someone to take care of security for you. A professional penetration test wouldn't go amiss if the company is large enough to benefit from it.
 

Company is only 10 people, I do IT along with about a billion other jobs in the office XD

The compromise wouldn't have happened if I had been given a budget; we were using freeware antivirus until this prompted them to fork out for proper stuff.
 
AV is just the start though, you need systems kept up to date. A proper patching regime is crucial - for a start.

In truth the credentials that were used could be stored anywhere. You need to find out who had them, who "might" have had them and where they were storing the credentials, especially if any of them also keep them on personal accounts or cloud storage.

Ideally you'd call in a company for a penetration test. It'll cost money though, and probably give your boss a heart attack when he sees the results. Plenty of companies out there do it; make sure you go for a reputable one.

You might want to look at getting your MD to use KeePass, LastPass or 1Password etc. so he's got a more securely generated password. I hate to point this out, but there's a good chance it's either an employee or ex-employee who's gained the credentials via fairly normal means, or someone has been poking about on the network for a long time. Trustwave reckon the average hack is on a network for 210 days before being discovered.
 

Hmm, I don't think it is an ex-employee in this place, it's a random Russian name that ordered it to somewhere in London (we're in Birmingham). My boss is quite tight about his passwords and doesn't even like me knowing them (despite the fact I can get into everything anyway).

What kinda cost are these probe tests?
 