Monday, December 1, 2008

The Story of an Insider - Introduction

I really enjoyed writing my first story in November, and I received loads of great feedback so I thought I'd do another one but from a slightly different angle. As well as writing my usual posts writing these stories really helps me learn new and different things.

So for my second effort I'm going to present a 3 part story. The first part will be the attackers story, the second and third parts will be the defenders perspective, focusing on the discovery of the attack and then some forensics thrown in for fun. I must point out that I am in no way trained in forensics, the techniques I will discuss would be those that any Systems Administrator could use to investigate an incident on his or her network after gaining permission.



Setting the Scene

As the title suggests this story will be about a rogue employee who feels poorly treated by his employers and wants revenge. His evil intention is to access restricted files and the sell plans for the eargerly awaited GNUphone to a popular website. Sounds easy? Well maybe I'll make things a bit interesting for him.

On the defending side is a keen Systems Administrator who looks after his network as if it's his baby. He has fought with management to have policies and procedures put in place to make his network secure.



So throughout December we'll see what the attacker does to get to the data, and what the Sys Admin does to try to prevent, detect and investigate the incident.

Part 1 - The Insiders Story



Part 2 - The Sys Admins Story





 

7 comments:

blad3 said...

sounds interesting :)

Anonymous said...

I'm looking forward to this. Your last story was excellent!

Anonymous said...

If it's as good as your last scenario this is going to be good =)

SynJunkie said...

Thanks for the comments guys, I should have the first part up shortly.

Syn

Anonymous said...

This stories you do are great.

LonerVamp said...

I've long wanted to also post stories, fiction and nonfiction, but have not had the time. But I do feel there is a demand and space to put some out there, so I'm glad you are!

SynJunkie said...

Hey thanks LonerVamp. I'm bit of a fan of your site too and I appreciate the feedback.