Ever been hacked? Had information stolen? Who do you turn to? What do you do? No matter what the level, a security breach has occurred and action must be taken to ensure a repeat offense doesn't happen. The first reaction to a breach is to isolate the system and fix it as soon as possible. However, writing to the system in any way can overwrite the clues you need, so before you patch, rebuild or even reboot, preserve the evidence that can identify the attacker.
The more quickly forensic analysis is performed, the more likely the attacker, vandal or thief will be apprehended. One of the best places to start is a copy of the system taken before anything else has been written to it. On Windows this is done using a program like Ghost. On the Mac, Carbon Copy Cloner or Disk Utility can create an image. Prefer a block-for-block image of the whole disk over a file-level copy, since deleted files and unallocated space survive only in the former, and record a checksum of the image as soon as it is made so you can later show it has not changed. Get the copy as soon after the incident as possible.
On local systems there are valuable pieces of information to be had about the identity of the person stealing data, anything from the IP address of the attacker to the name of the drive they transferred data to. Many operating systems overwrite logs and cached files on a routine basis, so make the clone, a replica of the system in its current state, as soon as possible, before that evidence is cycled out.
If it's a server, then the server's logs provide good clues as to where to look for the perpetrator. Once again it is helpful to clone the system, but that is not always possible on a production server. Copying the log files is the next best thing: copy them to separate media, preserve their timestamps, and checksum the copies before the originals rotate.
Firewalls can provide good clues as well. Firewalls typically keep logs for a shorter period than workstations or servers, so capture them early: save a screen shot of the firewall's logs as a PDF, or better, export the logs to a text file. Firewalls record which addresses are communicating with the network, which makes them good at pinning down the attacker's address and, depending on the logging level, the attacks used.
No matter what the issue, time is of the essence. Contacting a professional to help is a good idea. Getting the FBI or the LA County District Attorney's office involved can take time, and in that time clues can be damaged, lost or destroyed. IT professionals can also help establish a chain of custody for the equipment: a record of who handled each piece of evidence, when, and how it was verified, that can later be used in court if the person who invaded your privacy is apprehended and brought to trial.
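The collection steps above (image the disk, copy the logs, keep a chain of custody) can be scripted so they happen the same way every time and leave a verifiable record. The following POSIX shell script is an added example, not code from the original post: it makes a block-for-block image with dd and confirms it by hash, copies log files with their timestamps preserved, and appends each item to a tab-separated manifest of time, SHA-256, size, path and collector that can be re-verified later. The file names, the collector's user name and the 800-sector "disk" are constructed for the demonstration; on a real Mac the source would be a raw device such as /dev/rdisk1 (an assumed name), read with the machine booted from other media or the disk attached read-only.

```sh
#!/bin/sh
# Added example, not code from the original post. Assumes POSIX sh, dd, cp -p,
# and sha256sum (Linux) or shasum (macOS). Paths and the sample disk are constructed.

# SHA-256 of a file, portable between GNU coreutils and macOS.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Bit-for-bit image of SRC into DEST, then confirm both hash identically.
# bs equals the 512-byte sector size so that conv=sync (zero-fill unreadable
# blocks instead of dropping them and shifting every later offset) can never
# pad the image beyond the device length. Returns 1 on a mismatch.
image_and_verify() {
    src=$1; dest=$2
    dd if="$src" of="$dest" bs=512 conv=noerror,sync 2>/dev/null
    [ "$(sha256_of "$src")" = "$(sha256_of "$dest")" ]
}

# Append one chain-of-custody record for FILE to MANIFEST:
#   UTC time <tab> sha256 <tab> size in bytes <tab> path <tab> collector
record_evidence() {
    f=$1; m=$2
    printf '%s\t%s\t%s\t%s\t%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(sha256_of "$f")" \
        "$(wc -c < "$f" | tr -d ' ')" "$f" "$(id -un)" >> "$m"
}

# Copy each log into EVDIR with timestamps preserved (cp -p) and record it.
# Logs that no longer exist are skipped; an attacker may already have removed them.
collect_logs() {
    evdir=$1; manifest=$2; shift 2
    mkdir -p "$evdir"
    for log in "$@"; do
        [ -f "$log" ] || continue
        cp -p "$log" "$evdir/"
        record_evidence "$evdir/$(basename "$log")" "$manifest"
    done
}

# Re-hash every file listed in MANIFEST. Prints each altered or missing item and
# returns 1 if any is found. Run it before evidence is handed over and again when
# it comes back; a clean result is what supports the chain of custody in court.
verify_manifest() {
    bad=0
    while IFS="$(printf '\t')" read -r ts hash size path who; do
        if [ ! -f "$path" ]; then echo "MISSING: $path"; bad=1; continue; fi
        if [ "$(sha256_of "$path")" != "$hash" ]; then echo "ALTERED: $path"; bad=1; fi
    done < "$1"
    return $bad
}

# Demonstration on constructed data.
demo() {
    t=$(mktemp -d)
    dd if=/dev/urandom of="$t/disk" bs=512 count=800 2>/dev/null   # fake 800-sector disk
    printf 'Aug 28 02:11:04 host sshd[101]: Accepted password for admin from 10.0.0.9\n' > "$t/system.log"
    printf 'Aug 28 02:12:30 host kernel: external drive mounted\n' > "$t/secure.log"

    image_and_verify "$t/disk" "$t/disk.dd" || { echo "image mismatch"; return 1; }
    record_evidence "$t/disk.dd" "$t/manifest.tsv"
    collect_logs "$t/evidence" "$t/manifest.tsv" "$t/system.log" "$t/secure.log" "$t/gone.log"
    verify_manifest "$t/manifest.tsv" && echo "manifest verified: $(wc -l < "$t/manifest.tsv" | tr -d ' ') items"

    printf 'tampered\n' >> "$t/evidence/system.log"   # simulate a later modification
    verify_manifest "$t/manifest.tsv" || echo "tampering detected, as expected"
    rm -rf "$t"
}
demo
```

Keep the manifest on media separate from the evidence itself (printed and signed is traditional), since a manifest an attacker can rewrite proves nothing. The sector-sized block in image_and_verify is deliberate: with a larger bs, conv=sync pads a final short read with zeros and the image hash no longer matches the device.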
krypted August 28th, 2005
Posted In: Mac Security
Earlier, we described a LUN. In Xsan you can take multiple LUNs and stripe data across them in a round-robin fashion. When doing so you group them together in what Xsan calls a Storage Pool. Striping across a pool only scales throughput up to about four LUNs' worth, and each LUN (in Xsan 1.0) is limited to about 2TB. Therefore each Storage Pool typically nets you around 4Gbps of speed and about 8TB of capacity. You can then lump multiple Storage Pools into a single Volume to obtain volume sizes of 32, 40, 48, etc. TB. However, a single host will still not get more than about 4Gbps of concurrent streams to that volume; what you gain is aggregate bandwidth across hosts.
krypted August 11th, 2005
Posted In: Xsan
To quote wikipedia:
krypted August 2nd, 2005
Is it me, or are people here a little strange? On the outside they seem like loners who want to keep to themselves, but then there's a strange dichotomy where they also seem likely to wear a crystal around their neck and build houses out of recycled tires. Cool town, if a bit desolate.
krypted August 1st, 2005
Posted In: On the Road