instauratio
Sat Dec 17 17:30:02 CST 2005
I will do my best - thanks
"Panda_man" wrote:
> My reply is at the bottom of your message
>
> "instauratio" wrote:
>
> > I have other reasons to be suspicious, but I guess I didn't want to be
> > paranoid. I'm quickly changing my mind though.
> >
> > One public folder has mysteriously lost contacts twice. At first I thought
> > "user error" but I'm concerned because there are only 5 users and the
> > odds of any of them doing it twice are slim.
> >
> > This appears to be an intruder who is toying a little. It's as though he
> > wants to cause enough mayhem to get noticed but not enough to raise
> > suspicions??
> >
> > I don't know, but what I'm trying to understand is: if someone is in control
> > of a machine by remote - wouldn't I have some way of checking this or seeing
> > this? Wouldn't he have to leave a footprint somewhere?
> >
> > I can and will set about securing the network with every conceivable method.
> > But I would really like to know for certain that someone is trespassing or
> > not. How can I find out? I don't really even care who, I just want to know if
> > they are, and how they did it (forensics).
> >
> > I have an idea that I will start logging firewall activity since all traffic
> > goes through this one port. But what do I look for in the log?
> >
> > thanks for all the advice!
> >
>
>
> Panda_man >> No problem, you are welcome.
> The footprint is more files (a huge increase of files) or a huge decrease of
> files (fewer files).
> Sometimes he/she may leave some file especially for the user (but rarely).
>
> Well, I can't tell you more because I am not a hacker. I don't know what
> footprints they leave. By the way, they delete all the tracks... :)
>
> The most sure way you can prevent it is to have a router (hardware firewall),
> firewalls on all workstations. The fewer exceptions the better.
> Why don't you use software for behaviour analysis or software that would
> keep the confidential information so that nothing can get it out from the PCs?
>
> Symantec and Panda have such things, I believe...
>
>
> instauratio wrote:
> > I don't know, but what I'm trying to understand is: if someone is in control
> > of a machine by remote - wouldn't I have some way of checking this or seeing
> > this? Wouldn't he have to leave a footprint somewhere.
>
> Panda_man >> As I told you, everything is controlled by programs. They use
> software (called hack software) or other malicious software.
> As I told you, check the computers (ALL computers) with
>
> Microsoft Antispyware
> Ad-Aware SE
>
> Antivirus software (your antivirus software may support catching hack tools;
> if it doesn't, find some)
>
>
> If the machines are malware free, you may install behaviour analysis
> software, like Panda TruPrevent. It isn't advertisement but their products
> are maybe the best I have ever used.
>
> It is a new technology created in August 2004 by Panda Software that uses a
> special Genetic Heuristic engine and its behaviour analysis
>
> and that's why it is capable of catching, blocking, neutralizing and protecting you
> from all kinds of malware, such as new viruses, new trojans or worms, new
> spyware/adware, dialers, keyloggers, hacking software, suspicious software
> and everything like that.
>
> It also has a proactive technology that protects you even from
> known threats that your general AV or AS has dropped (missed).
> It has technology to detect intrusion attempts.
>
> It doesn't generate false positives!
>
> And make sure, it has maybe the best instinct of self-preservation. There is
> no malware that can turn it off.
>
>
> Also, its behaviour analysis helps to block any suspicious operation. It
> scans all processes and then decides. It would block it. If somehow something
> bypasses the firewall and the other regular securities, Panda will detect it.
>
> Panda TruPrevent is available in two versions:
> 1. Personal edition
> 2. Corporate edition
>
> You say the network is 5 computers only, so maybe the Personal ed. would be
> better, but you have the choice only.
>
> You may get the free trial version from here, use it for 30 days and then
> buy or remove:
>
> http://www.pandasoftware.com/products/TruPrevent_Personal2006.htm
>
>
> http://www.pandasoftware.com/download/register.htm?CodigoProducto=42&TipoLead=2&TipoUsuario=2&Tipo=1&Ref=WWEN-TPC5-DES&Idioma=2&Country=US&sec=down
>
>
> And, just a suggestion, don't be so paranoid :-)
> If you can't find anything or these instructions seem difficult, find
> someone who can help you in place, I mean... can see the machines personally
> and work on them. It is difficult for me to talk about such general things,
> because you know it is difficult to control such things remotely.
> I mean, I told you the general things that should be done but nothing more
> because I am not in front of the machines.
>
> Good luck!!!
>
> :-)
>
> Panda_man
> --
> Let's beat malware black and blue
> Panda TruPrevent - the most intelligent technology to combat unknown malware
>
> http://www.pandasoftware.com
>
> http://www.microsoft.com