I think the community in general will benefit from this discussion. I have an IT horror story I would like to tell everybody about. Additionally I have discovered some solutions to some IT problems, which may have been faced by others in the community. A few years ago I started going to college, and got wholluped by a gang of social engineers in the omaha/bellevue area. Unbenounced to me they were actually preforming skits on me in order to preform black mail attacks at a later date. Now you may believe that if you aren't doing anything wrong you should be immune, right? Wrong. Let me tell you about one of the skits they preformed on me. Somehow they snaked my keys, and while I was unconcious in my house they snuck in and one of the girls, in a bikini or skanky underwear swung her leg over my unconcious body, and snapped a selfie of her on top of me with me completely unconcious. I wake up and she is streaking out of the house with the photo. A few years later I make the business scene, and unbenounced to me they were sharing this with the companies I was visiting. The security guards started using the security cameras, some scotch tape, and a red pen to put a targeting reticule on the outdoor secruity cameara monitor so that they could accurately shine the camera distance sensor/IR LEDs into my eyes. This was one of the skits they preformed on me. As you can see, there was absolutely no way to prevent that one from happening. To this problem I believe I have divined a solution:
The solution to black mail;
-No public facing accounts for security guards. If they deliver it to your email then don't react to it until they show up to the company, then next rule.
-Arrest all individuals eliciting black mail on employees to your company and let the cops figure it out.
-Required FBI training course on this topic with this info in mind.
-Charge the companies that trade in black mail or react to it with harassment otherwise the employees are all in danger. This is necessary because as you can see some black mail is unavoidable. This means if your people harass someone due to the data token delivered you must charge them.
I have a few more rules I have divined due to my brush with this.
-In regaurd to security it is best to keep cards close to the vest so as to prevent co-workers wo are actually corporate espionage artists from hijacking your security/case. They could be superiors or inferiors.
-Seperation of concerns is used to prevent co-workers from sabatoging your projects, and also to prevent them from having too much access to your valuables.
-Disinformation is used to smoke out leaks, and vast options of disinformation tactics should be thought out ahead of time in order to have a plan ready before problems arise.
-Disinformation tactics should be applied more than once to ensure they are in fact the leak.
-Accounts and cryptography can also be used to smoke out leaks. Accounts log access, and crypto ensures non-repudiation. Don't share crypted info.
-Code closer to the database is more secure, however is harder to write generically. Good for bulk load scenareos.
-Security guards are often the weakest link, due to the fact that they are loyal to the company, not all of society, and they are susceptible to black mail ingestion. When a security guard acts on black mail they need to be fired, and charged with harassment due to the shrinking of the companies talent pool. Some black mail procedures trick an individual with no wrong doing on the targets part.
-Janitors should not have access to the server room.
-Outdoor security cameras should not be used in an indoor setting, they have distance sensors, and IR LEDs that harm employees eyes. Instead, your network infrastructure and network security monitoring and screen spy software should be used instead of taping everything that goes on in the programmers terminal.
-Your purpose is not to litigate, it is to protect your data. It is hard to litigate IT stuff due to the fact that Remote Access Tools exist. (have encountered one of those attempts too).
-Various traps (all avoidable to the non-malicious) may be laid to log attempts to elevate privalages, such as honeypots, etc.
-Use network security monitoring, but simultaneously monitor for the sale of other employees packets. If the employee claims that other employees are doing spooky stuff, then ask which term they searched for and trace the network path. Could be ISP, or your network security guy, or any link in-between. VLans are great. You can trick the enemy to reval themself by using the targets search packets to trace which link is preforming the sniffing.
-Any employee can raise emnity in the company, usually it's oriented around their skillset and job function.
-Site to Site VPN can negate malicious ISP monitoring, but you should try to leak packets and determine their path to determine who has access to the netwok outside your perimiter. Contact the head of the ISP for better results. Becomes a top down investigation.
