Comments on: The Tale of the Disgruntled Employee – Part 12
https://ogenstad.net/2006/09/19/the-tale-of-the-disgruntled-employee-part-12/
Security Stories and Help with Network Documentation

By: Patrick Ogenstad https://ogenstad.net/2006/09/19/the-tale-of-the-disgruntled-employee-part-12/comment-page-1/#comment-314 Mon, 25 Sep 2006 15:14:44 +0000

Excellent, making people think is one of my objectives 🙂

If we start with the first question, this would depend on a few circumstances. First though, if it comes to this stage it’s Game Over; we don’t have a network anymore and have to start from scratch.

When it comes to this specific case, in order to answer your question I would have to know what n3m0 did during the hours he spent in the server room. What n3m0 did was really a sledgehammer approach; it left all kinds of footprints in different logs. If a server had crashed randomly twice during the night I would have investigated it. Since I’ve created the fictional character n3m0, I can say that yes, I would have noticed that something was seriously wrong.

If there had been a more skilled attacker it would depend on which of my customers’ networks had been targeted. With central monitoring and log servers this would sound all kinds of alarms. With the logs kept on the computer I would just be guessing; I might not even know if the server had been restarted.

As soon as the server has been compromised we can’t trust it anymore; it will lie to us (and keep a straight face too). My trusty old PowerEdge would lie to its mother if an attacker told it to.

As for the second question, hopefully no one would be so cruel to “my” network(s) 🙂 It comes down to the trust you put in the employees and then their motivation to do so. Skill only enters into it if the attacker is working alone. n3m0 or someone else could have pulled this off without any kind of knowledge about computers; he would just need a cell phone and a friend.

What are your thoughts?

By: LonerVamp https://ogenstad.net/2006/09/19/the-tale-of-the-disgruntled-employee-part-12/comment-page-1/#comment-305 Wed, 20 Sep 2006 21:59:21 +0000

As I read this, the question comes up, “What if this employee worked where you do, would you detect this or notice it? Who would do it, just any employee that normally wouldn’t have special privilege?” Kinda puts security into perspective, as many stories like this do (hopefully).
