
Wetwork

Posts posted by Wetwork

  1. I have a FreeNAS on 3.0 Dual core with 2 gig of ram on a gig network with 6 - 1 TB HDD 7200RPM with a RAID5 setup and the best transfer speeds that I am seeing is somewhere between 7 - 9 mbps. This is due to the limitations of the FreeNAS o/s to be able to do asynchronous read/writes from the NIC card to the Drives and then back. This issue is being addressed according to the FreeNAS forums and they hope to resolve it with the next release (god knows when that will be considering that it was several YEARS in between this current version and the previous).

    My best advice is either deal with it or go forth and spend money on a REAL NAS because with your setup you're not going to be getting any better with your present config.

  2. regardless, I still say that you should fire her twice then invoke a mandatory password change for all users and then re-evaluate your network security policies. If she was able to gain access to ANY dataset that she was not privileged to then that is terms for dismissal with no reference.

    Btw MY password is the true name of god in reverse with symbols. So no one knows it besides me and him :rolleyes:

    Lol I should have made it more clear:

    1) 'Level 4' is what we nicknamed our main terminals that give direct access to our server (wired). Our nicknames are there to remember them easier, for instance: Level 1 - normal computers all employees have access; Level 2 - field equipment (laptops), only supervisors can login to these and then grant permissions to the employee who needs it; Level 3 - IT only; Level 4 - server access (me and 2 other IT's).

    2) She had access to the system so she could grab a backup of a previously fried HDD, as she was on our IT team and was given temporary access. Our servers are divided into 3 groups: LAN backups/files (normal stuff running SMB), Web/HTTP servers and finally our 'offline' backup server which has all of our HDD images that we take approximately once every 2 months. She used the latter one to get her HDD image. Essentially (for security and the fact we hardly need to use these backups) we just dump them over the network (off work hours) and then afterwards when they are needed put them back physically (dump to external HDD of same size then finally dump back to computer's HDD).

    3) Our passwords for normal users are required to be 12 chars. long and alphanumeric. All HDD are encrypted with AES-256 BIT XTS mode using TC and a password like:

    su6jP!zX'_v31Gf0'\IA?2b;6\fY)B$stCCT4V+<4\`/b$WE}i.#x")8sN2zO,+ (64 Chars)

    No one besides IT and Administration of course know these (kinda annoying when we have to turn on 40/50 comps a day but oh well). Networks admin passwords are also 12+ alphanumeric + symbols.

    Security isn't the issue but mainly policy regarding giving access to people who (rightly) should be supervised by an IT personnel such as myself or the other 2. Guess my supervisor didn't think it mattered too much as it was just a back up. As for the email we block most but Gmail is what we use so it isn't blocked sadly. Maybe this will get them to finally pay for an Enterprise account and setup on our own servers :P

    EDIT: Ironically what she stole was the HDD backup she had to "Restore" and then mounted it and grabbed files from it.

    EDIT #2: A quick note: This goes to show that no matter how secure something is, human error always lets the bad guys in. Also to clear one more thing up, I no longer work for said company as of late; me and a friend decided it was time to invest in our own IT firm/Security audit company.

  3. Also, why not question her why she accessed a level 4 computer w/o authorization. It might be late but just say "on our monthly audit, we noticed you had accessed this machine and copied certain files, why was this done?" She'll know she's in trouble but if she thinks she can lie well enough she'll be good to go. Also, can you make a clone of her HD? It's YOUR computer, you can do what you want with it, i.e.: hardware keylogger

    Screw that!......Fire that bitch....twice!!!

    It's obvious that you have all the proof that you need to take whatever termination action that you need to. Why go through the whole Perry Mason act when you have her by the short hairs :angry:

  4. Wait. You're allowing someone to just plug a 3G stick into a company computer?? How the fuck does that fly? She just completely bypassed your firewall. Throw her ass out on those grounds right there.

    Barry is 100% right! If you have a stated policy against using 3rd party hardware on company systems then she is in clear violation and you have the right to enforce disciplinary actions against her. It won't recover the files that she stole but it seems like the burden of proof is against her already.

  5. The cover letter these days is not nearly as important as a resume that shows what experience and diversity you have. Just starting out it's tough to come up with the experience side of the equation. I would advise listing all projects that you have engaged in as a Net Admin including stuff that you did in college until you can broaden your resume with real life exp.

    If you are stuck on the cover letter, keep it brief and try to come up with a solid description of yourself that is no more than 2 paragraphs and include some personal hobbies that are involved in the IT world. Recruiters don't want to sit there and look at a cover letter that looks like War and Peace.

    PM me and I would be glad to show you some examples of resumes & cover letters that can turn heads.

  6. It might be a moot point anyway because it seems that the poster has dropped off the hak5 radar and isn't accepting PM's unless the mods have done away with him. Hopefully someone else can make a decent o/s independent keylogger that we can play around with for strictly educational purposes because none of us would use this for nefarious means *sic*

  7. Thanks one and all!

    The ATA command might be the best way to go but I still think that there might be a way to degauss the HDD by interfacing an electromagnet to a HDD inside the case to go for the instant nuke.

    Granted with whole disk encryption and a good hammer no one is going to access the drive but depending on the vigilance of the law enforcement monkey who comes a knocking he might just have to go through the whole electron microscope process but will have a bitch of a time getting through the whole disk encryption

    Doing a little homework of my own I ran across this

    http://www.bhphotovideo.com/c/product/4228...ive_Holder.html

    I'm sure that the components can be busted out of the case and then interfaced with the HDD inside the box that can be activated via a toggle switch on the front of the case and nuke the whole thing with the flip of a switch. It will prob wipe out the memory and the cpu at the same time making the box a brick. This might be a consideration as well with the advent of cold boot attacks that can get whole drive encryption hashes and keys from the ram.

    I will see if I can get one of these on fleebay and see if it's a viable possibility.

    Will keep everyone updated.

  8. Operating systems don't like formatting themselves

    Yes, this is true but even under linux there is no way to bypass that little wrinkle and MTF wipe the drive?

    The long and short of it is that I need a software electromagnet... Has anyone come up with the idea of interfacing an electromagnet on a hard drive for an instant wipe?

  9. Hey Happy Hackers

    I am looking for a HDD Core Dump/ Wipe program that can wipe out a hard drive with a few keystroke combos. I know that there are some HDD wiping programs out there such as BCwipe that comply with DoD requirements for drive wiping and the like but they take far far far too long. I am looking for a program that can scrub a drive as fast as possible like in under 5 min from within the operating system effectively scrubbing the drive

    I'm looking for something that can wipe out the MFT and sectors as fast as possible with a 3 or 4 keystroke combo that will work for linux and/or windows.

    Any thoughts?

  10. Guys anyone can help me? are u Have SSH Port 443...

    only just fun study?? so please sharing with me user and password.. please guys... thanks

    To quote one of my fav lines from the old star trek series

    "Brain and Brain .....what is brain!"

  11. Nothing good lasts forever and Hak5 has been very good to us on many levels so I think that it's our duty to try to keep the community and the show that we love going for as long as we can.

    The show has seen many changes over its 7 seasons with co-host coming and going and the sets changed like underwear but Hak5 remains and will remain hopefully for a long time to come.

    For whatever comes I wish DK the best of luck in SF and I know that whatever comes it's going to be a good thing.

    I just have one question.....WTF ever happened to Matt? We heard from Snubs, we heard from Darren, Mubix is rolling his own podcast now and it kicks ass but with all this going on no one ever mentioned what the deal with Matt Lestock?

    Was there a drunken brawl that we never got told about??? is Matt no more......Information ....Information....Information...."you can not make bricks without clay" says a recent movie quote

  12. I haven't gotten to Admiral yet but I did get to Commander last night and got my Heavy Escort (yes it is bad ass). The ones that have maxed out in lvl obviously have no life and haven't seen daylight since the head start launched Friday night. Wouldn't want to be around that smell when they do break daylight.

  13. Beta has just over a week left, I've been in the game since closed beta and I rather love it.

    I was part of the Open and Closed beta and now am a paying player and I fricking love the game. If you are the slightest bit of a ST fan then you are going to LOVE this game.

    I left Age of Conan after playing that for 18 mo to come to STOL and I am never going back!

  14. What OS is it, because boot.ini is not even used from Vista on up. You could try a trick though, like starting in safe mode, cmd window only, then using something like grub4dos on the main c drive to boot a usbkey and try to launch from there somehow. Would require you to copy grub4dos files to the c drive, then reboot into safe mode cmd prompt. Not even sure it's possible, but worth trying just for the hell of it.

    That is a really great idea....but if the system has any sort of sector recovery software such as Faronics Deep Freeze then whatever packets are installed to the HDD from the previous session will be deleted when he reboots. Let's hope that your hawkish sysadmin doesn't have that or something similar installed.

    Other than that, the idea gives me a wealth of other ideas about dropping hidden files to the O/S root then getting the boot manager to run those on startup ......such as the ones similar in the Hacksaw project but hidden from the root o/s

    *strums fingers through beard thinking evil thoughts*
