My day-to-day diary using SOI.
11/16/2009
I have been pretty busy working on the NEW 2.1 SOI. It's looking real good; the summary and reports pages really do add value. Hopefully I'll start to incorporate the reports into the notes from the trenches. Also been hard at work on the Augmented Reality addition to SOI. If you have not looked at our research page, please do so; we're working on some very cool concepts. It's not that far off, so be patient and I will post a video for our proof of concept. I really do think AR is going to enhance security visualization and tactical approach to systems. The current SIEMs really don't lend too much to the average security engineer. They are either overly complex or overly expensive. That is why SOI came along.

Enough of my soapbox, let's talk about what is happening today. Spookily enough, not a great deal. Same hunting of P2P traffic, no real increase in port scans. Tomorrow I will use the reports to look at what happened during the night, so tomorrow at least should be more fun.
11/18/2009
Some really cool visuals today....the good news is that we have a company doing third-party scanning...the even better news is that it gives me a chance to show off SOI...very cool.
OK, so the scan started at about 10am today; it was a directed scan against my exposed systems...so not likely to see an nmap-heavy scan there....here is the initial scan. When I looked further into it, obviously I saw the company that was conducting the scan. Very cool...note that as this was a directed scan it really hammered the lower ports.

So the above initial scan was pretty directed. As time went on they changed to scanning machines that were responding...I saw the denied scans, but what was really interesting was my response to the scans...As they were looking for application-level vulnerabilities my machines responded...but it was easy to spot. The timelines and general windows showed so much activity it was pretty blatant what was happening...glad this was a test, it's good to see things in action