Cybersecurity

9555 readers

62 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

thoughts on this insider threat case? (infosec.pub)

submitted 2 weeks ago by Birdwants@lemmus.org to c/cybersecurity@sh.itjust.works

17 comments fedilink hide all child comments

quick case study for the cybersec folks here. got this real story in my dpo class & wanted ur thoughts.

IT guy at a bank, last day of his notice period. a trainee saw him puttin some CD-ROMs in his bag & told security. they checked him at the exit and found a full export of the bank's top clients on the discs. guy got fired for gross misconduct & a police complaint was filed.

any red flags or stuff that stands out to u technicaly or otherwise ? i have my own ideas on this cas but curious what u guys think first?

thx 😎

you are viewing a single comment's thread
view the rest of the comments

[–] ZombiFrancis@sh.itjust.works 14 points 2 weeks ago (3 children)

Some operational security questions: What's this trainee doing? Why was it a trainee noticing things being put in backpacks? Why was the trainee the one notifying security?

Are there protocols in place for media being brought in or out of the facility and its workstations? Why or why not? Was the trainee the only one who reviewed them recently enough to notice a breach and alert?

But most importantly and at any rate you don't do the grand heist on the last day. Rookie move.

[–] Birdwants@lemmus.org 2 points 2 weeks ago (1 children)

Technically speaking, what kind of logs does burning a CD actually leave on a hardened Win/Linux workstation compared to a USB mount? If the DLP is only looking for 'Mass Storage Devices', does the burning process even trigger a file-copy event in the logs?

[–] ZombiFrancis@sh.itjust.works 1 points 2 weeks ago

The process that's being executed to run the burner would be a clue, based on my experiences (limited) and knowledge (also limited). For windows, if the outright windows burner was used then there'd be system logs for that. If another program were used, well, that begs more IT security questions about permissions.

I have whole months of experience using Linux, so, no idea there.

load more comments (1 replies)