Open Source Monitoring (OSM)

WHAT OSM IS and IS NOT
Information Protection Around the Clock, Around the Globe!
Proprietary Information – Not for further Distribution
What OSM is

• Open Source Monitoring: searching/monitoring for specific information in any public media
• Essential for:
– IT administration
– Human Resources
– Legal
• Marketing and performance information
What OSM is not

• E-mail monitoring
• 24 x 7 real time intrusion detection system
• 24 x 7 real time monitoring of employee activity
• Sole source of information for critical actions and decisions
WHY
Business Case

Risk = Threat × Vulnerability (risk exists only where a threat has a vulnerability to act on, so reducing either reduces risk)
• No one has 100% protection
• Knowing threats and fixing them reduces risk
• Saves money
Due Diligence Case

• Gain an external view of yourself/company
– Public opinion
– Competitors
– Employees/Former employees
– Leaks/Threats
Common Sense Case

• Help enforce company security policy
• Receive customer feedback on products/services
• Information consolidation
– Single source for multiple purposes
Types of Media Monitored

• Web pages
– Search engines (dogpile, yahoo)
– Search tools (Web Seeker/ Web Whacker)
• News postings
– News clients
– News feed
– News server
– Dejanews
Types of Media to Monitor

• Chat groups (IRC/ICQ) - High Interest Only
– enter chat group and log
– search through logs for key words
• Message Boards
– yahoo
– raging bull
– cnn
– aol
– others
Types of Media to Monitor

• FTP
– warez sites
– code
– proprietary information
• Legacy/Bulletin Boards
– dial up and become involved
– connections through BBS world
• Any form of public media
– news
– tv & radio
PROCESS
Methodologies

• Systematic
• Continuous
• Keyword based
• Filtered collection
• Report
• Organized
• Comprehensive
• Analyze data

[Process cycle diagram: Collect → Reduce → Analyze]
Initial Meeting

Pre-Meeting Prep
• Develop search criteria
– Keywords (hack, SunOS, etc)
– Identify key personnel (CEO, CFO, CIO, etc)
– Identify company domains
– Customer specific terms
– Boolean scripts
– Other issues relevant to company

Initial Meeting
• Determine reporting contact
• Determine Priority 1, 2, and 3 levels
Priority 1

• Claims of break-ins against CUSTOMER
• Passwords, dial-in numbers or other critical information which could allow access to CUSTOMER network
• Employees disclosing sensitive corporate information or trade secrets
• Extremely malicious postings related to products or services
• Threats of violence against CUSTOMER
Priority 1 Example
Analysis: In reply to a request for help scripting an unattended login to a critical network device, an external source suggests putting a “+” in the .rhosts file. A bare “+” in .rhosts (or /etc/hosts.equiv) makes rsh/rlogin trust every host, so anyone on the network could log in as that account on the remote host with no password.
Re: script to log into router
Author: NAME
Email:ADDRESS@DOMAIN.com
Date:DATE
Forums:comp.unix.questions
Message-ID: <DOMAIN>
Organization: DOMAIN
I don't know about cisco routers, but...
$ rsh remotehostname who
"rsh" is "remsh" on some systems (those where rsh = restricted shell,
you want remote shell).
You'll need to configure your .rhosts file on the remote host.
The simplest thing to do: echo "+" > ~/.rhosts
NAME wrote:
> We have SCO Internet FastStart 1.1.0 , ( release 3.2v5.0.2 ) , i want
> to make an automatic script that a log into a cisco router .. and
> perform 'who' command .. and get the output .. , the whole process
> should look like this :
> ------telnet router
> username :username
> password:password
> who
> --------i tried to pass the data through a pipe .. but it does not work ... ,
> how can i perform the above by an automatic script !
> -NAME
> LOCATION
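The “+” entry the reply recommends is easy to find on a host once you know to look for it. The following is an added example, not code from the deck or from Para-Protect: a Python audit of rhosts-style trust files (~/.rhosts, /etc/hosts.equiv) that flags wildcard entries. The paths and file contents are constructed samples, not taken from any real system.

```python
"""Audit rhosts-style trust files for the "+" wildcard.
Added example, not from the Para-Protect deck: reports entries in ~/.rhosts
or /etc/hosts.equiv that let rsh/rlogin in with no password from any host
or as any user, as the Usenet reply above recommends. SAMPLE_FILES below
is constructed content, not from a real system."""


def parse_trust_file(text):
    """Yield (host, user) per entry. Format is 'host [user]' per line;
    '#' starts a comment, a leading '-' denies, '+' is a wildcard."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        yield fields[0], (fields[1] if len(fields) > 1 else None)


def wildcard_findings(text, path):
    """Return (path, host, user, why) for every entry that trusts all hosts
    or all users. A bare '+' (or '+ +') is the worst case: any host, any user."""
    findings = []
    for host, user in parse_trust_file(text):
        if host == "+" and user in (None, "+"):
            findings.append((path, host, user, "any host may log in as this account with no password"))
        elif host == "+":
            findings.append((path, host, user, f"any host may log in as user {user!r} with no password"))
        elif user == "+":
            findings.append((path, host, user, f"any user on {host} may log in with no password"))
    return findings


def audit(files):
    """files: {path: content}. Returns every finding across the given files."""
    out = []
    for path, text in files.items():
        out.extend(wildcard_findings(text, path))
    return out


# Constructed sample: the echo "+" > ~/.rhosts from the reply, a hosts.equiv
# with a per-host user wildcard, and a properly scoped .rhosts.
SAMPLE_FILES = {
    "/home/netops/.rhosts": "+\n",
    "/etc/hosts.equiv": "# trusted management hosts\nmgmt1.example.invalid\n"
                        "mgmt2.example.invalid +\n-badhost.example.invalid\n",
    "/home/backup/.rhosts": "backup.example.invalid backup\n",
}

if __name__ == "__main__":
    for path, host, user, why in audit(SAMPLE_FILES):
        print(f"{path}: '{host} {user or ''}'.strip() -> {why}")
```

The wildcard is only the loudest failure. r-service trust is keyed to the client's hostname and source address, which an attacker on the network can spoof, so the durable fix is to disable rsh/rlogin altogether rather than to tidy the file.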
Priority 2

• Employee disclosing sensitive corporate information in a public forum
• Information which could aid an attacker in gaining access to CUSTOMER IT resources
• Malicious postings related to products or services that may potentially have a significant negative impact on public image
• Employee involved in criminal activity
Priority 2 Example
Analysis: To resolve a network access problem, the suggestion is made to use an exploit tool to gain root access and configure the system as needed. If an employee of a corporation were either of the individuals involved in this exchange, it would present potential problems for the employer. In both cases the individuals are discussing how to break in to systems, and this type of activity reflects poorly on the employer and exposes it to potential liability. The message also indicates that a system is potentially going to be broken into at some point in the near future, or already has been.
Re: *BACKDOORS*
Author: NAME
Email: ADDRESS@DOMAIN
Date: DATE
Forums: alt.hacking, alt.hackers.malitious, alt.2600, alt.2600.archangel
Message-ID: <DOMAIN>
Organization: DOMAIN
>ADDRESS@DOMAIN.com writes:
>: i need some help. can someone tell me where to get a program that will
>: open up a port on a unix box, and allow you to telnet to that port
>: and type a word and shell out as root?
>: i need something that will be loaded into memory and act as a daemon,
>: so that you dont need to edit /etc/inetd.conf or /etc/services.
>: i tried to write one but i dont know enough about sockets and daemons
>: to write something like this.
>: surely some hacker must have this tool they can share with me.
Problem: Your program needs to be running with user-id root to give you
a root shell. Otherwise, it must be a program that will initiate an
exploit when triggered by an incoming connection on the port.
Solution: If you don't have an exploit, you don't have root, so the
problem can't be solved like this. If you DO have an exploit, you don't
need the server program you asked about. I assume you have a standard
user account on this box (if not, you're looking at the situation from
the wrong angle). READ about system logs. Telnet in as yourself, fire
off your exploit, become root. Remove the presence from the logs.
Make a backdoor so you can still get in after the exploit has been
patched.
--=> NAME
-=> LOCATION
-=> ADDRESS@DOMAIN
Priority 3

• Employee spending large amount of time communicating in public forums from corporate account
• Information about protests, demonstrations, or boycotts involving customer name
• Potential trademark or copyright violations of CUSTOMER assets
General Example
Analysis: An exchange between a person reporting alleged problems with a particular construction product, and a response from another
person who provides information about a class action lawsuit involving the product. Information is also provided about two web sites
acting as virtual clearing houses for problems related to this type of product.
Re: COMPANY Siding Problems
Author: NAME
Email:ADDRESS@DOMAIN.net
Date:DATE
Forums:alt.consumers.experiences
Message-ID: <DOMAIN>
Organization: DOMAIN
HEY! there is a class action suit against NAME!
Come by my webpage at http://DOMAIN.net/ see more information and a list of siding lawsuit sites.
http://DOMAIN.com/Default.htm is a clearing house for siding
problems especially COMPANY!
email me at ADDRESS@DOMAIN.net for more info.
In article <DOMAIN.com>, ADDRESS@DOMAIN.com (NAME) wrote:
> Bought a new house in June of 1993 with COMPANY oriented
> strandboard siding. Advertised as having a 25 year warranty.
> Started having problems with the siding within 3 months. Have
> been fighting a 5 year battle with COMPANY to have them stand
> behind their product. Currently getting bids to have the siding
> replaced at my expense because their 25 year warranty product is
> falling apart. For everyone's information, several products of
> this type have been marketed to many thousands of people with
> the same result. Does L.P. ring any bells. Stay away from
> oriented strandboard siding.
1st Quarter

[Timeline diagram: Initial Meeting → 1st Quarter]
• Search on keywords and findings from initial meeting
– report weekly
– continuous contact with client for modifications to criteria
– anything critical: report immediately and confirm receipt
– review with customer to ensure they are receiving what they want and need, when they want and need it
Review

[Timeline diagram: Initial Meeting → Weekly reports → Review]
• Review
– Assure keywords and key personnel have not changed
– Review and update keyword lists at end of 1st Quarter
Continuing effort

[Timeline diagram: Initial Meeting → Weekly reports → Review, repeated; process cycle: Collect → Reduce → Analyze → Report]
COLLECTING

[Process cycle diagram: Collect → Reduce → Analyze → Report]
Collection Examples

• Set up a news server
• Group of people collecting and reporting
• Subscribe to email lists and filter data
News Feed

[Diagram: Internet news feed (alt, comp, bus, other groups) → Reporting Server]
Own News Feed continued

• Bring in news feed
• Break down the messages by groups (find next message number)
• Program search for keywords developed by customer, e.g.:
– CUSTOMER AND (kill or break or password or hack)
– CUSTOMER AND (security or fire or bomb or boycott)
• Flag suspect messages
• Send messages to reporting server
• Determine value of message
Collectors at Home

[Diagram: Internet → collectors]
• Each collector receives one client
• Responsible for searching web, news, and message boards
Email Lists

listserv@rmsbus.comcsr
majordomo@greatcircle.com
majordomo@unify.com
majordomo@firewall.sickkids.on.ca
majordomo@starfury.services.soscorp.com
owner-ascend-users@max.bungi.com
majordomo@connect.com.au
bos-br-request@sekure.org
subscribe@onelist.com
cyberlist-watch-digest-help@ioshua.rivertown.net
hchat0a@gmx.net
hchata@gmx.net

Search criteria:
– CUSTOMER AND (kill OR break OR password OR hack)
– CUSTOMER AND (security OR fire OR bomb OR boycott)
– CUSTOMER NAME
– CUSTOMER PRODUCTS
– CUSTOMER SERVICES
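The news-feed steps (bring in the feed, search for customer keywords, flag suspect messages, send them to the reporting server, determine value) and the Boolean search criteria above are the reduce and analyze stages of the process. The following is an added example, not code from the deck or from Para-Protect: a Python filter that parses Boolean queries written in the deck's own syntax, runs them over a batch of Usenet-style messages and tags each hit with the priority level assigned to the matching rule. The customer name "ACME", the three rules and the three messages are constructed sample data; the prefix matching (so that "hack" also hits "hacking") is a design choice of this example, not something the deck specifies.

```python
"""Collect -> reduce -> analyze over a news feed with Boolean keyword rules.
Added example, not code from the Para-Protect deck: parses search strings in
the deck's own syntax ("CUSTOMER AND (kill OR break OR password OR hack)"),
runs them over Usenet-style messages and tags each hit with the priority
(1, 2 or 3) given to that rule. "ACME", RULES and SAMPLE_FEED are constructed."""
import re

TOKEN = re.compile(r"\(|\)|[^\s()]+")  # parens are tokens; terms stop at them

class Parser:
    """expr := term (OR term)*; term := factor (AND factor)*;
    factor := NOT factor | '(' expr ')' | WORD.  AND binds tighter than OR."""
    def __init__(self, query):
        self.toks, self.i = TOKEN.findall(query), 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def expr(self):
        node = self.term()
        while (self.peek() or "").upper() == "OR":
            self.take()
            node = ("or", node, self.term())
        return node

    def term(self):
        node = self.factor()
        while (self.peek() or "").upper() == "AND":
            self.take()
            node = ("and", node, self.factor())
        return node

    def factor(self):
        tok = self.take()
        if tok is None:
            raise ValueError("query ended unexpectedly")
        if tok.upper() == "NOT":
            return ("not", self.factor())
        if tok == "(":
            node = self.expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        return ("word", tok.lower())  # keywords and terms are case-insensitive

def compile_query(query):
    parser = Parser(query)
    node = parser.expr()
    if parser.peek() is not None:
        raise ValueError(f"unexpected token {parser.peek()!r}")
    return node

def evaluate(node, words):
    """A term matches by prefix, so 'hack' also hits 'hacking'; the cost is
    noise such as 'fire' hitting 'firewall', which the analysis step weeds out."""
    kind = node[0]
    if kind == "word":
        return any(w.startswith(node[1]) for w in words)
    if kind == "not":
        return not evaluate(node[1], words)
    if kind == "and":
        return evaluate(node[1], words) and evaluate(node[2], words)
    return evaluate(node[1], words) or evaluate(node[2], words)

def message_words(msg):
    return set(re.findall(r"[a-z0-9]+", (msg["subject"] + " " + msg["body"]).lower()))

RULES = [  # constructed: (query, priority level agreed at the initial meeting)
    ("ACME AND (kill OR break OR password OR hack)", 1),
    ("ACME AND (security OR fire OR bomb OR boycott)", 2),
    ("ACME AND (protest OR demonstration OR lawsuit)", 3),
]

SAMPLE_FEED = [  # constructed; message 3 names no customer and must not be flagged
    {"message_id": "<1@example.invalid>", "newsgroup": "alt.2600", "subject": "Re: dialup",
     "body": "Got into ACME last night, the modem password is still default."},
    {"message_id": "<2@example.invalid>", "newsgroup": "alt.consumers.experiences",
     "subject": "ACME siding", "body": "Join the boycott, the class action lawsuit is underway."},
    {"message_id": "<3@example.invalid>", "newsgroup": "comp.unix.questions",
     "subject": "rsh question", "body": "Put + in .rhosts and you can log in without a password."},
]

def triage(messages, rules=RULES):
    """Reduce: drop messages matching no rule. Analyze: give each hit its most
    urgent (lowest-numbered) priority and list the rules that fired, so the
    reviewer sees the logic behind the flag. Result is sorted worst first."""
    compiled = [(query, compile_query(query), prio) for query, prio in rules]
    findings = []
    for msg in messages:
        words = message_words(msg)
        hits = sorted((prio, query) for query, node, prio in compiled if evaluate(node, words))
        if hits:
            findings.append({"priority": hits[0][0], "message_id": msg["message_id"],
                             "newsgroup": msg["newsgroup"], "rules": [q for _, q in hits]})
    return sorted(findings, key=lambda f: f["priority"])
```

Running `triage(SAMPLE_FEED)` flags the alt.2600 post as Priority 1 (customer name plus "password"), the consumer post as Priority 2 (it matches both the boycott rule and the lawsuit rule, and keeps the more urgent level), and drops the rsh post because it never names the customer. Keeping the list of rules that fired alongside each finding is what the deck's "must have accompanying logic" means in practice: a reviewer can see why a message was flagged and tune the criteria at the next review.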
Reduction

• Web Page updates
• Following news

[Process cycle diagram: Collect → Reduce → Analyze → Report]
Analysis

• Time saving
• Must have accompanying logic
• Multi-layered
– First Review
– Tech Review
– Customer centric Review

[Process cycle diagram: Collect → Reduce → Analyze → Report]
Reports

• Single source - multi layered
• Tailorable
• Timely (weekly & ad hoc)
• Electronic based
– ease of redistribution
• Feedback loop ESSENTIAL

[Process cycle diagram: Collect → Reduce → Analyze → Report]
PROS & CONS
Pros

• Provide current and trend data on threats to company
• Meet requirements for “due diligence”
• Ensure employees comply with policy
• Performance feedback
Cons

• Competitive intelligence, potential for extortion and industrial espionage
• Ambulance chasers
• Conflict of interest
Conclusion

• Intended to be one part of overall security posture
• During an Incident, OSM is an essential partner to your IRT
• Policies without enforcement are not worth the paper they are written on
• Your competitors are using it
• What you don’t know can’t hurt you, right?
Underestimating the impact can be costly...
"The biggest mistake people make is they underestimate the threat."
Jeff Moss, founder of Def Con (the largest annual hacker convention)
Contact Information
Rob Karas
PARA-PROTECT SERVICES, INC.
5600 General Washington Drive
Suite B-212
Alexandria, VA 22312
rob@para-protect.com
http://www.para-protect.com
Phone: 703-658-7746
Toll Free: 888-402-PARA