  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 201

how would one know if one has been 'hacked'?

ok, this is a pretty weird question ;)
how would someone know if they have been 'hacked' (besides the obvious accounts mysteriously being created.. files being created/going missing) etc

I have only been a net admin for this company for about 8 months and although before then I did read as much as I could on computer security.. but because I'm not an expert I'm pretty sure one day if not already this network will be hijacked... but how would I know if someone on the outside has already been in the network?
I've never seen anything out of the ordinary.. not even in the security logs. It's the same at home.. I don't think my home network has ever been 'hacked', but I'm not as careful about doing things as I am at work (i.e. I log in as admin and do all my work on that account at home :/ )

but in saying this.. I am not a moron.. I don't go around clicking on suspicious things and I know about social engineering (watching TakeDown and reading Mitnick's book).. so maybe that's why I've never experienced a 'hacking'

I dunno.. your opinions are most welcome :)

~Binks
0
dr_binks
Asked:
2 Solutions
 
rossfingal Commented:
Hi!

Run this for starters - "Rootkit Revealer" from:
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
Before you run it, change its name to something random xxxxxxxxxx.exe -
people using these rootkits have been configuring them to
block "Rootkit Revealer" when run as default name.

RF
0
 
rossfingal Commented:
Hi!

well, I guess you don't have to worry about renaming it - that has been taken care of.
See here:
http://blogs.msdn.com/robert_hensing/archive/2005/03/23/400934.aspx

Good luck!

RF
0
 
rossfingal Commented:
And, if you do stop by Robert Hensing's excellent blog - here are some more articles that
you may find interesting:

http://blogs.msdn.com/robert_hensing/archive/2005/01/10/350344.aspx
http://blogs.msdn.com/robert_hensing/archive/2005/02/22/378363.aspx
http://blogs.msdn.com/robert_hensing/archive/2005/01/14/353156.aspx

Some long reads, but worth it.  :)

Regards!

RF
0
 
dr_binks Author Commented:
hehe, thanks :)

I'll wait for some more comments then I'll see about giving out points
cheers

~Binks
0
 
rossfingal Commented:
No problem!  :)

Here are some more useful tools to help find things that try to hide (free):
{Silent Runners}    http://www.aaronoff.com/silent_runners/

{EScan-mwav}           http://www.mwti.net/antivirus/free_utilities.asp (free version)

{GetService}   http://www.bleepingcomputer.com/files/spyware/getservice.zip

{DLLCompare}    http://www.gatesofdelirium.com/ee/tools/

{Startdreck}         http://www.niksoft.at/_data/startdreck.zip

Good luck!

RF
0
 
Phil_Agcaoili Commented:
Ross has given you a lot to go with.

I take it from the perspective, what DON'T these tools show you?
On specific machines (e.g. finance, HR, and file servers), we keep an eye on the network and the systems using firewalls, honeypots, log event monitoring tools, IDS, IPS, etc., looking for system, network, account, and file system probing (aka someone that is not knowledgeable on the internal network to someone that is somewhat knowledgeable as an IT person searching for information). They trip a honeypot, trip some alerts on systems that they may NOT have access to, and then we watch what they're up to.

We've found mail admins reading other people's e-mail, auditors looking at documents that IT/finance didn't give them access to, etc.

The human element is there, so we look beyond these guides at what someone would do if, for example, you went on vacation and you gave them a key to your house.  Do they just come in and take care of what you asked them to take care of OR do they throw a party, look in your underwear drawer, sleep over, etc.? You're more likely to detect a truly malicious or detect someone that you shouldn't trust that's already in your house.  Security logs from all sorts of multi-layered, multi-faceted security tools (defense in depth) are your best bet to detect an intruder (a trusted person or someone from the outside) that has access to your internal network.

It's a hunt.

HTH.
0
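
An added example, not part of Phil_Agcaoili's comment or of any tool named in this thread: a small Python pass over access events that flags the two signals described above, an account touching a honeypot (decoy) resource and an account being denied on several different systems. The log format, account and host names, decoy path and threshold are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample events, not real logs: time,account,host,resource,result
SAMPLE_LOG = """\
2005-03-01T09:02:11,jsmith,FILESRV1,Sales/q1.xls,ALLOWED
2005-03-01T09:05:40,mailadmin,MAIL1,Mailbox/ceo,ALLOWED
2005-03-01T22:14:03,auditor1,FINSRV,Payroll/2005.xls,DENIED
2005-03-01T22:14:59,auditor1,HRSRV,Reviews/all.doc,DENIED
2005-03-01T22:16:20,auditor1,FILESRV1,IT/passwords.txt,DENIED
2005-03-01T22:19:45,tempuser,FILESRV1,Decoy/salaries_backup.xls,ALLOWED
2005-03-02T08:30:00,jsmith,FINSRV,Payroll/2005.xls,DENIED
"""
# Hypothetical decoy share that no legitimate job ever needs to open.
DECOY_PREFIXES = ("FILESRV1/Decoy/",)


def parse_events(text):
    """Parse CSV lines into dicts; skip blank or malformed rows."""
    fields = ["time", "account", "host", "resource", "result"]
    rows = csv.reader(io.StringIO(text))
    return [dict(zip(fields, r)) for r in rows if len(r) == len(fields)]


def find_probing(events, decoys=DECOY_PREFIXES, host_threshold=3):
    """Return {account: [reasons]} for accounts that look like they are exploring."""
    denied_hosts = defaultdict(set)
    decoy_hits = defaultdict(list)
    for ev in events:
        target = f"{ev['host']}/{ev['resource']}"
        # Rule 1: any touch of a decoy is an alert, allowed or denied.
        if target.startswith(decoys):
            decoy_hits[ev["account"]].append(target)
        # Rule 2: remember which hosts refused this account.
        if ev["result"].strip().upper() == "DENIED":
            denied_hosts[ev["account"]].add(ev["host"])
    findings = defaultdict(list)
    for account, hits in decoy_hits.items():
        findings[account].append(f"touched decoy: {hits[0]}")
    for account, hosts in denied_hosts.items():
        if len(hosts) >= host_threshold:
            findings[account].append(f"denied on {len(hosts)} hosts: {sorted(hosts)}")
    return dict(findings)


if __name__ == "__main__":
    for account, reasons in sorted(find_probing(parse_events(SAMPLE_LOG)).items()):
        print(account, "->", "; ".join(reasons))
```

A single denial (jsmith) stays below the threshold, and an access the system allowed (mailadmin opening another mailbox) is invisible to both rules, so permitted-but-inappropriate access needs its own review.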
 
dr_binks Author Commented:
thanks for your info guys :)
0
 
rossfingal Commented:
You're welcome!  :)

By the way - I do agree with the concepts that PA comments about above.
Having to use these tools is like "closing the barn door after the horses have escaped"!

Here's an interesting bit of info on "Social Engineering" and security:
http://infosecpotpourri.blogspot.com/

OucH!!!  :)

RF
0
