Work getting hacked?

Need to implement a robust vulnerability management process, along with application whitelists and IOC-based detection capabilities, rather than signature-based.
 
It always amazes me that people who work in IT are stupid enough to click phishing emails like morons, yet if I tried to get their job I would have no chance because I have no qualifications for it.

Yet I'm about as computer literate as they come; there's nothing I can't figure out on my own in a short space of time.
 
We have a managed firewall, which makes monitoring traffic even more difficult. I could request that the managed firewall people monitor traffic and look for any international connections or connections out of hours.

I know what you mean though, that is really the only way to see if there is still an underlying infection that is keeping quiet and slowly getting root on the network.

It's certainly one way, not necessarily the only way, but it's a relatively good indicator-of-compromise way to go about things.

Some 'next gen' (God I hate that term) IPS systems can be used in this sort of manner, or again a SIEM of some sort might be able to spot things (e.g. a machine that historically used to talk to only a couple of IPs is now talking to hundreds, outbound traffic to unusual locations or at unusual times).

As with a lot of things, there are plenty of ways to do it, which all depend on plenty of other things, one of which is budget, which is usually the sticking point ;)

Get out of support and into an IT security job then.

Certainly not a bad area to work in ;)
 
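The kind of traffic review the two posts above describe (out-of-hours connections, international destinations, and a host that used to talk to a couple of IPs suddenly talking to dozens), plus the IOC-based matching mentioned at the top of the thread, as an added example that is not part of any post here. It runs over constructed firewall export lines in a hypothetical `timestamp,src_ip,dst_ip,dst_country,bytes_out` format; the field layout, the "GB" home country, the 08:00-18:00 business window, the fan-out thresholds and the single IOC address are all assumptions chosen for the demonstration, not anything from the thread:

```python
"""Baseline-vs-current review of outbound firewall logs (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not real traffic). One normal working week:
# three hosts, each talking to the same two destinations during office hours.
BASELINE_LOG = [
    f"2014-03-{day:02d}T{hour:02d}:15:00,10.0.0.{host},198.51.100.{dst},GB,4096"
    for day in range(3, 8)          # Mon 3 March .. Fri 7 March 2014
    for hour in (9, 11, 14, 16)
    for host in (11, 12, 13)
    for dst in (1, 2)
]

# The following week: hosts .11 and .12 look the same, but .13 wakes up at 02:00
# on the Wednesday, fans out to 60 distinct addresses and then beacons abroad.
CURRENT_LOG = [
    f"2014-03-{day:02d}T{hour:02d}:15:00,10.0.0.{host},198.51.100.{dst},GB,4096"
    for day in range(10, 15)
    for hour in (9, 11, 14, 16)
    for host in (11, 12)
    for dst in (1, 2)
] + [
    f"2014-03-12T02:{minute:02d}:00,10.0.0.13,198.51.100.{n},GB,512"
    for minute, n in zip(range(0, 60), range(1, 61))
] + [
    "2014-03-12T02:59:00,10.0.0.13,203.0.113.66,US,20480",
]

# Hypothetical indicator list, e.g. C2 addresses from a threat feed.
IOC_IPS = {"203.0.113.66"}


def parse_log(lines):
    """Turn the assumed CSV layout into dicts with a real datetime."""
    events = []
    for line in lines:
        ts, src, dst, country, nbytes = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "dst": dst, "country": country, "bytes": int(nbytes)})
    return events


def distinct_destinations(events):
    """Map each source host to the number of distinct destinations it contacted."""
    seen = defaultdict(set)
    for e in events:
        seen[e["src"]].add(e["dst"])
    return {src: len(dsts) for src, dsts in seen.items()}


def fanout_anomalies(baseline, current, factor=5, min_new=20):
    """Hosts whose distinct-destination count jumped well past their baseline.
    Returns {src: (baseline_count, current_count)}."""
    base, cur = distinct_destinations(baseline), distinct_destinations(current)
    return {src: (base.get(src, 0), n) for src, n in cur.items()
            if n >= min_new and n >= factor * max(base.get(src, 0), 1)}


def out_of_hours(events, start=8, end=18):
    """Events at weekends or outside the assumed business window."""
    return [e for e in events
            if e["ts"].weekday() >= 5 or not (start <= e["ts"].hour < end)]


def international(events, home="GB"):
    """Events whose destination geolocates outside the home country."""
    return [e for e in events if e["country"] != home]


def ioc_hits(events, iocs):
    """Events whose destination matches a known indicator."""
    return [e for e in events if e["dst"] in iocs]


def review(baseline_lines, current_lines, iocs, home="GB"):
    """Run all four checks and report the offending source hosts."""
    baseline, current = parse_log(baseline_lines), parse_log(current_lines)
    return {
        "fanout": fanout_anomalies(baseline, current),
        "out_of_hours_hosts": sorted({e["src"] for e in out_of_hours(current)}),
        "international_hosts": sorted({e["src"] for e in international(current, home)}),
        "ioc_hosts": sorted({e["src"] for e in ioc_hits(current, iocs)}),
    }


if __name__ == "__main__":
    for check, result in review(BASELINE_LOG, CURRENT_LOG, IOC_IPS).items():
        print(f"{check}: {result}")
```

The baseline is what makes the fan-out check useful: a count of destinations on its own is noise, but a host going from two destinations to sixty is a signal, and the same host showing up in the out-of-hours and international lists as well is what a SIEM correlation rule would fire on. With a managed firewall, the realistic version is asking the provider for a scheduled export in whatever format they can produce and adapting `parse_log` to it.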
My firm recently sent out its own phishing e-mail to its employees as a test a few days after we all had extra training, and yet 10% still opened the link. You just can't account for absolute morons at times!
 
I always thought that the PCs in my old place of work should have been converted to run a Linux distribution, mainly because all people ever did was write reports, send emails and view a web-based shift report.

But then again, I don't really know what administrators deal with.
 
My firm recently sent out its own phishing e-mail to its employees as a test a few days after we all had extra training, and yet 10% still opened the link. You just can't account for absolute morons at times!

Yup. Same.
 
Meh, come back when your users manage to Cryptolocker their servers. Boomin thing sucks!

We had that. One of our clients ran it on their workstation, which encrypted the entire drive map. They didn't have backups either, so they chose to write the data off rather than pay the ransom to get their data decrypted.

They finally decided to update from SBS2003 though :D
 
I was going to write a long post about this and how we manage to avoid dramas for the most part, but thought it'd bore people and depress me.

I remember someone removing a router-protect firewall policy on one of our internet routers once. Jesus, the log file onslaught was ridiculous. I thought my VPS logs were mental before I set up fail2ban, but for a corporate internet router, well.... :eek:
 
I know what you mean though, that is really the only way to see if there is still an underlying infection that is keeping quiet and slowly getting root on the network.

Also could look at setting up a honeypot on the internal network and see what comes calling internally, if anything.
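A minimal internal honeypot of the sort the post above suggests, as an added example that is not part of the post: a TCP listener that does nothing but record who connected, from which port, and what they sent first. For the demonstration it binds to loopback on an ephemeral port and `simulate_probe` plays the role of the scanning host; in a real deployment you would bind it on an unused internal address to a port that malware and scanners actually look for (the listening port, the 256-byte capture and the two-second wait are assumptions here) and ship the event list to whatever log collector or SIEM you already have:

```python
"""Connection-logging TCP honeypot for an internal segment (added example)."""
import socket
import threading
import time
from datetime import datetime, timezone


class InternalHoneypot:
    """Listener that accepts every connection and logs it; nothing legitimate
    should ever talk to it, so any event is worth a look."""

    def __init__(self, host="127.0.0.1", port=0):
        # port=0 lets the OS pick a free port; use a real service port in practice.
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(16)
        self.sock.settimeout(0.2)          # lets the accept loop notice stop()
        self.host, self.port = self.sock.getsockname()
        self.events = []
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (peer_ip, peer_port) = self.sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(0.5)
                try:
                    first_bytes = conn.recv(256)   # capture the probe, never reply
                except OSError:
                    first_bytes = b""
            self.events.append({
                "ts": datetime.now(timezone.utc).isoformat(),
                "peer_ip": peer_ip,
                "peer_port": peer_port,
                "listen_port": self.port,
                "first_bytes": first_bytes,
            })

    def stop(self):
        """Stop the listener and return everything it recorded."""
        self._stop.set()
        self._thread.join()
        self.sock.close()
        return self.events


def simulate_probe(payload=b"GET / HTTP/1.0\r\n\r\n", wait=2.0):
    """Start a honeypot, hit it once from a client socket (standing in for a
    scanning host on the LAN) and return the events it logged."""
    hp = InternalHoneypot().start()
    with socket.create_connection((hp.host, hp.port), timeout=1.0) as client:
        client.sendall(payload)
    deadline = time.monotonic() + wait
    while not hp.events and time.monotonic() < deadline:
        time.sleep(0.05)
    return hp.stop()


if __name__ == "__main__":
    for event in simulate_probe():
        print(event)
```

Because the listener never answers, it is safe to run on a workstation-class box, and the first bytes tell you whether the caller was an SMB scanner, an HTTP probe or just a misconfigured backup agent. The value is entirely in the follow-up: every recorded `peer_ip` is a host to pull off the network and examine.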
 