Reply to "OK... you wanted a Russia investigation, so DNC, start to cooperate"
[quote=Anonymous]
[quote=jsteele]
[quote=Anonymous]"Moreover, firewalls and IDS and most security devices would be useless to investigate in themselves." No. How are you going to get the running configurations of the firewall and IDS from an audit log stored on another device? No. It doesn't dump its configuration to an audit log. That would be an OPSEC problem right there.[/quote]

I'm going to take the time to expose your cluelessness line by line. The current configuration of firewalls and IDSs is of no concern. What matters is the configuration at the time of the intrusion. Even those configurations are not actually that important since they can be deduced from the traffic logs. At any rate, normal procedure is to keep backups of configurations. Among other things, that helps when you need to roll back to an earlier configuration. Again, having the physical device is of no help, and seizing such devices and removing them from the DNC's network would be very problematic, probably causing the network to cease functioning.

[quote=Anonymous]"Seizing a firewall would provide no benefit." No. How do you know if the firewall was properly configured? ALLOW ALL ANY <---> ANY will invalidate just about any valid configuration of the best firewall. So will screwing around with the firmware of a firewall.[/quote]

That can be easily determined from the traffic log. Have you actually ever administered a firewall?

[quote=Anonymous]"What is actually important are the log files which are not stored on the devices themselves." I want to see the routers themselves to see running configurations. Furthermore, how the hell do I know that logging is properly implemented on appliances around the DNC IT shop?[/quote]

The running config can be provided without having to provide the physical device. If logging was not properly implemented, that will be revealed by the logs themselves. Similar to my question above, have you ever administered a firewall?

[quote=Anonymous]Jeff, you have pretty much given away the fact that you don't have a clue about what you are talking about and have never conducted an actual investigation into a network intrusion (or at least not a credible one).[/quote]

Wrong. I worked as a network security engineer in a government facility for several years, during which time I conducted multiple investigations of network intrusions (even one originating from Russia). I have years of experience administering routers, firewalls, IDSs, and other network security devices. I had a CISSP certification, though I haven't bothered to renew it since becoming self-employed.
[/quote]

"The current configuration of firewalls and IDSs is of no concern." They sure are, because you find out how they got extracted information out of the network.

"At any rate, normal procedure is to keep backups of configurations." We're not talking about normal configurations, obviously. That's done by competent people, not incompetent morons at the DNC.

"What matters is the configuration at the time of the intrusion. Even those configurations are not actually that important since they can be deduced from the traffic logs." No, definitely not. The time of the intrusion? The intrusion can go on for years once it begins, and one of the first things that happens is logs get overwritten. Tell me how great your logs are when your whole network isn't time synced. Tell me how great your logs are when you get hit by a zero day. Again, we're talking nation-state according to you.

"That can be easily determined from the traffic log. Have you actually ever administered a firewall?" No, actually it can't. Tell me from your log files what ports were open and closed on the firewalls at the time of the incident(s), who logged in via an encrypted tunnel if they previously disabled logging on the FW, what the running configuration is, and if the firmware is genuine or the MD5 hashes of the firmware are actually valid?

"Wrong. I worked as a network security engineer in a government facility for several years during which time I conducted multiple investigations of network intrusions (even one originating from Russia)." Glad I didn't hire you. Advanced Persistent Threats can be in networks for years, especially when it involves nation-states, and it's obvious you don't have a clue WTF you're talking about. But yes, you have it all solved. So who done it, govvy CISSP hack-boy?
[/quote]
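The two points the posters actually argue over, whether a ruleset contains an "allow any to any" rule and whether the running configuration still matches the saved baseline, are both checks an investigator scripts rather than infers from traffic. The example below is added here and is not code from either poster; it uses a constructed, vendor-neutral rule syntax (`action proto src dst port`) and constructed sample configs, and the function names (`parse_rules`, `permissive_rules`, `diff_rules`, `audit`) are this example's own.

```python
"""
Added example (not from the thread): audit a firewall rule list for
wide-open allow rules and diff it against a stored backup so that
unexpected changes stand out. The rule syntax and the sample configs
below are constructed for this example; they are not any real vendor's
format.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp", "icmp" or "any"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    port: str     # port number, range or "any"


def parse_rules(text: str) -> List[Rule]:
    """Parse lines of the constructed form 'allow tcp 10.0.0.0/8 any 443'."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 5:
            raise ValueError(f"malformed rule: {raw!r}")
        action, proto, src, dst, port = parts
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action in rule: {raw!r}")
        rules.append(Rule(action, proto.lower(), src, dst, port))
    return rules


def permissive_rules(rules: List[Rule]) -> List[Rule]:
    """Allow rules that permit any source to any destination on any protocol and port."""
    return [r for r in rules
            if r.action == "allow" and r.proto == "any"
            and r.src == "any" and r.dst == "any" and r.port == "any"]


def diff_rules(backup: List[Rule], running: List[Rule]) -> Tuple[List[Rule], List[Rule]]:
    """Rules only in the running config (added) and only in the backup (removed)."""
    in_backup, in_running = set(backup), set(running)
    added = [r for r in running if r not in in_backup]
    removed = [r for r in backup if r not in in_running]
    return added, removed


# Constructed sample data: the baseline saved by change control, and what
# the device currently reports as its running rule list.
BACKUP_CONFIG = """
# baseline as saved by the change-control process
allow tcp any 192.0.2.10/32 443
allow tcp any 192.0.2.11/32 25
deny  any any any any
"""

RUNNING_CONFIG = """
allow tcp any 192.0.2.10/32 443
allow any any any any          # not present in the baseline
deny  any any any any
"""


def audit(backup_text: str, running_text: str) -> Dict[str, List[Rule]]:
    """Return the wide-open rules in the running config plus the diff against the backup."""
    backup = parse_rules(backup_text)
    running = parse_rules(running_text)
    added, removed = diff_rules(backup, running)
    return {"permissive": permissive_rules(running), "added": added, "removed": removed}


if __name__ == "__main__":
    for key, rules in audit(BACKUP_CONFIG, RUNNING_CONFIG).items():
        print(f"{key}:")
        for rule in rules:
            print("   ", rule)
```

On the constructed data the audit reports one wide-open allow rule, which is also the one rule added since the baseline, and one rule (the SMTP allow) that was removed. Order-insensitive set comparison is deliberate here: it surfaces what changed without being distracted by rules that were merely reordered, though on a real device rule order also matters and would be checked separately.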