how would one know if one has been 'hacked'?

Posted on 2005-03-23
Last Modified: 2013-12-04
OK, this is a pretty weird question ;)
How would someone know if they have been 'hacked' (besides the obvious: accounts mysteriously being created, files being created/going missing, etc.)?

I have only been a net admin for this company for about 8 months, and although before then I did read as much as I could on computer security, because I'm not an expert I'm pretty sure one day, if not already, this network will be hijacked... but how would I know if someone on the outside has already been in the network?
I've never seen anything out of the ordinary, not even in the security logs. It's the same at home. I don't think my home network has ever been 'hacked', but I'm not as careful about doing things as I am at work (i.e. I log in as admin and do all my work on that account at home :/ ).

But in saying this, I am not a moron. I don't go around clicking on suspicious things and I know about social engineering (watched Takedown and read Mitnick's book), so maybe that's why I've never experienced a 'hacking'.

I dunno.. your opinions are most welcome :)

~Binks
Question by:dr_binks
8 Comments
 
LVL 12

Accepted Solution

by:
rossfingal earned 1200 total points
ID: 13611913
Hi!

Run this for starters - "Rootkit Revealer" from:
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
Before you run it, change its name to something random (xxxxxxxxxx.exe) -
people using these rootkits have been configuring them to
block "Rootkit Revealer" when it is run under its default name.

RF
 
LVL 12

Expert Comment

by:rossfingal
ID: 13611939
Hi!

Well, I guess you don't have to worry about renaming it - that has been taken care of.
See here:
http://blogs.msdn.com/robert_hensing/archive/2005/03/23/400934.aspx

Good luck!

RF
 
LVL 12

Expert Comment

by:rossfingal
ID: 13612038
And, if you do stop by Robert Hensing's excellent blog, here are some more articles that
you may find interesting:

http://blogs.msdn.com/robert_hensing/archive/2005/01/10/350344.aspx
http://blogs.msdn.com/robert_hensing/archive/2005/02/22/378363.aspx
http://blogs.msdn.com/robert_hensing/archive/2005/01/14/353156.aspx

Some long reads, but worth it.  :)

Regards!

RF
 
LVL 5

Author Comment

by:dr_binks
ID: 13612121
Hehe, thanks :)

I'll wait for some more comments, then I'll see about giving out points.
Cheers

~Binks
 
LVL 12

Expert Comment

by:rossfingal
ID: 13612451
No problem!  :)

Here are some more useful tools to help find things that try to hide (free):

{Silent Runners}  http://www.aaronoff.com/silent_runners/
{EScan-mwav}      http://www.mwti.net/antivirus/free_utilities.asp (free version)
{GetService}      http://www.bleepingcomputer.com/files/spyware/getservice.zip
{DLLCompare}      http://www.gatesofdelirium.com/ee/tools/
{Startdreck}      http://www.niksoft.at/_data/startdreck.zip

Good luck!

RF
 
LVL 12

Assisted Solution

by:Phil_Agcaoili
Phil_Agcaoili earned 800 total points
ID: 13614297
Ross has given you a lot to go with.

I take it from the perspective of: what DON'T these tools show you?
On specific machines (e.g. finance, HR, and file servers), we keep an eye on the network and the systems using firewalls, honeypots, log event monitoring tools, IDS, IPS, etc., looking for system, network, account, and file system probing (aka someone who is not knowledgeable about the internal network, or someone who is somewhat knowledgeable, such as an IT person, searching for information). They trip a honeypot, trip some alerts on systems that they may NOT have access to, and then we watch what they're up to.

We've found mail admins reading other people's e-mail, auditors looking at documents that IT/finance didn't give them access to, etc.

The human element is there, so we look beyond these guides at what someone would do if, for example, you went on vacation and you gave them a key to your house. Do they just come in and take care of what you asked them to take care of, OR do they throw a party, look in your underwear drawer, sleep over, etc.? You're more likely to detect a truly malicious person, or detect someone that you shouldn't trust, that's already in your house. Security logs from all sorts of multi-layered, multi-faceted security tools (defense in depth) are your best bet to detect an intruder (a trusted person or someone from the outside) that has access to your internal network.

It's a hunt.

HTH.
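Phil's point about watching security logs for account and file-system probing, as an added example that is not from the thread: a small Python triage over constructed Windows-style security events, flagging failed-logon bursts, off-hours account changes and any read of a decoy file. The event IDs are those of the modern Windows Security log (4625, 4720, 4732, 4663); the log lines, the decoy path, the 5-in-60-seconds threshold and the 07-19 office hours are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed Windows-style Security log (not from the thread), one event per
# line: "timestamp|event_id|account|key=value". IDs follow the modern Security
# log: 4625 failed logon, 4720 user created, 4732 added to group, 4663 object access.
SAMPLE_LOG = r"""
2005-03-23 02:14:01|4625|svc_backup|src=10.0.0.77
2005-03-23 02:14:03|4625|svc_backup|src=10.0.0.77
2005-03-23 02:14:04|4625|svc_backup|src=10.0.0.77
2005-03-23 02:14:06|4625|svc_backup|src=10.0.0.77
2005-03-23 02:14:08|4625|svc_backup|src=10.0.0.77
2005-03-23 02:21:40|4720|support2|created_by=svc_backup
2005-03-23 02:22:05|4732|support2|group=Administrators
2005-03-23 02:25:17|4663|support2|path=\\FS01\Finance\passwords.xls
2005-03-23 14:30:00|4663|jsmith|path=\\FS01\Finance\budget_2005.xls
"""
DECOY_PATHS = {r"\\FS01\Finance\passwords.xls"}  # honeypot file nobody should open

def parse(log_text):
    """Turn log lines into event dicts sorted by time; blank lines are skipped."""
    events = []
    for line in filter(str.strip, log_text.splitlines()):
        ts, eid, account, detail = line.split("|", 3)
        key, _, value = detail.partition("=")
        events.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       "id": int(eid), "account": account, key: value})
    return sorted(events, key=lambda e: e["time"])

def failed_logon_bursts(events, threshold=5, window_s=60):
    """Sources with at least `threshold` failed logons inside `window_s` seconds."""
    by_src = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            by_src[e["src"]].append(e["time"])
    return {src for src, t in by_src.items()
            if any((t[i + threshold - 1] - t[i]).total_seconds() <= window_s
                   for i in range(len(t) - threshold + 1))}

def off_hours_account_changes(events, start_h=7, end_h=19):
    """Account creations and group additions outside office hours (assumed 07-19)."""
    return [(e["account"], e["id"]) for e in events
            if e["id"] in (4720, 4732) and not start_h <= e["time"].hour < end_h]

def decoy_access(events, decoys=DECOY_PATHS):
    """Any read of a honeypot file is suspicious, whoever the account is."""
    return [(e["account"], e["path"]) for e in events
            if e["id"] == 4663 and e.get("path") in decoys]
```

Run against the sample, the three detectors together tell the story Phil describes: a password-guessing burst, a new account dropped into Administrators at 2 a.m., and that account opening the decoy, while jsmith's daytime read of a real file is left alone.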
 
LVL 5

Author Comment

by:dr_binks
ID: 13614952
Thanks for your info, guys :)
 
LVL 12

Expert Comment

by:rossfingal
ID: 13615062
You're welcome!  :)

By the way - I do agree with the concepts that PA comments about above.
Having to use these tools is like "closing the barn door after the horses have escaped"!

Here's an interesting bit of info on "Social Engineering" and security:
http://infosecpotpourri.blogspot.com/

OucH!!!  :)

RF
