HiddenText Ltd

Analogy : I heard a log file

/

,

I originally wrote this for the Analogies Project back in 2014. I’ve had some thoughts on this and wanted to update it and bring out some themes, and so it is curated here. Hope you enjoy.

It’s 5 am.

It’s dark, you’re asleep, your partner is sleeping, and the kids are asleep. The house is silent.

Suddenly you are awoken by an elbow from your partner into the ribs.

I heard footsteps downstairs

As a parent, it’s the worse thing someone can say in the middle of the night. Do we have an intruder? What will the attacker do? Will my family be safe?

So you lie calm and silent. Waiting. Your heart is pumping fast, and you have to slow it down to remove the rushing blood noise in your ears until the house is silent.

You lie there in silence listening, but you know that you are going to have to get up and go and have a look. You can’t hear any noises, but you know it, you’re going to have to go and have a look. You pull back the covers and pad barefoot across the bedroom. The house remains silent, your steps careful and faint. You think to yourself, what do I do if I find someone?

You open the bedroom door with only the slight brush on the carpet, notice no squeak from the door hinges, that’s some good oil!

Down the stairs you go.

You stand on the top step, always listening, with one hand on the bannister you lean over and peer into the darkness. It isn’t truly dark; there is a dim glow from the streetlights in the next street. Again you wait, watching and listening for anything, a change in light, shadows, movement, noise.

You look at the stairs, that squeaky 3rd step. You carefully move forward, weight balanced between hands on the walls and bannister, each action taken slowly whilst fully listening, not only to the noises of the house but also to your own noises.

Silence of Nothing

You reach the bottom and know you can now move without sound.  You listen.  Nothing.

After a sweep of the ground floor, you peer into the darkness outside through the window.  Nothing.

You open the door of the house and listen outside. Nothing.

Totally silent, no noises, nothing at all.

False alarm

You lock up the house and get a glass of water. You stand there quietly in the kitchen fuming now you’re entirely awake, adrenaline in your system, wide awake, for nothing.

The Stomp

You trudge back up the stairs to bed, every footstep loud in the quiet house. You check in on the kids who are still snoring. You hit that third-from-the-top step, and it squeaks loudly. When you get back in bed. The duvet has already stolen and from beneath it is the snoring of your partner.

You lie there in the dark, unable to sleep while the rest of the house snores around you.

The Analogy.

Most companies have computers connected by networks to create an infrastructure. Hidden in the basement (not literally but keep with the house analogy a little longer) are servers which do all the creative stuff serving up applications and data to the users in the company. Those servers are like your jewellery boxes and TV in the lounge, containing the valuables of your business.

Along comes a criminal, and they tap the network doors and Windows. Sometimes they even get inside and start wandering around those networks.

They are deliberately stealthy and quiet so that no-one knows they are there. Sneaking around stealing data, adding themselves into the company network infrastructure, installing their own tools to snoop and steal. When they are ready, they steal the data, passwords, client data, financial data or just trash the place with things like ransomware.

Evil Keyboard

Companies might just rely on someone giving them the elbow when someone randomly hears a noise, or they might utilise advanced tools to silently monitor network intruders 24/7.

In information security, we have a variety of tools and services at our disposal to conduct such monitoring. Tapping network ports, listening for criminals cautiously moving around our own network and security servers listening, waiting and hoping to catch a criminal in action and gain enough iD about them to give the details to the authorities to take action.

But if a criminal is lurking in one of the dark corners of your network, they can watch and learn where the creaks are, your routes, where you check, what is secure – they can if the creaks are being heard too.  It is amazing how much noise you can make without disturbing anyone. And so you can be as noisy as you like as an attacker – the noise in the log files would only be noticed if, and only if, those log files are being monitored. If no-one is checking log files for access or brute force attempts etc. then be as noisy as you like because no-one is going to wake up anyway!

Summary

Do you know your networks as well as we know our own homes in the dark?

Do you see how the shadows fall on a regular day?

Do you know where the hiding places are?

Do you know where the noises are made?

You as the tracker don’t have to be silent either. The attacker and tracker can both be noisy.

Make your paths unavoidably noisy, and your stairs unavoidably creaky then ensure you are listening!  For good measure, leave a few kids toys lying on the stairs (… but make sure you don’t step on them), and add a couple of connection alarms on the doors.


No matter how many false alarms, always go and check!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by