The Story of an Insider - Introduction

I really enjoyed writing my first story in November, and I received loads of great feedback so I thought I'd do another one but from a slightly different angle. As well as writing my usual posts writing these stories really helps me learn new and different things.

So for my second effort I'm going to present a 3 part story. The first part will be the attackers story, the second and third parts will be the defenders perspective, focusing on the discovery of the attack and then some forensics thrown in for fun. I must point out that I am in no way trained in forensics, the techniques I will discuss would be those that any Systems Administrator could use to investigate an incident on his or her network after gaining permission.



Setting the Scene

As the title suggests this story will be about a rogue employee who feels poorly treated by his employers and wants revenge. His evil intention is to access restricted files and the sell plans for the eargerly awaited GNUphone to a popular website. Sounds easy? Well maybe I'll make things a bit interesting for him.

On the defending side is a keen Systems Administrator who looks after his network as if it's his baby. He has fought with management to have policies and procedures put in place to make his network secure.



So throughout December we'll see what the attacker does to get to the data, and what the Sys Admin does to try to prevent, detect and investigate the incident.

Part 1 - The Insiders Story


Part 2 - The Sys Admins Story

Part 3 - Playing at CSI