Sunday, October 14, 2007

HIDS or, screw the NSA! Host-based intrusion detection

You've secured your laptop now, according to best practices. You have turned on FileVault disk encryption, turned off unnecessary services, disabled automatic login, etc.
Now the bastards have to come after you the old-fashioned way: they have to penetrate your code walls and steal your internets.

"But how can the dastardly FBI, NSA, DHL, Section 8 bastards break my code walls?" you ask. Easily. You are running multiple programs which phone home all the time and connect to other computers through sometimes lousy protocols or implementations. That Weatherbug may be more of a bug than you realize. The first step is to run Little Snitch, which will tell you when applications connect to the net and give you the opportunity to deny them temporarily or permanently. Next, run nmap against yourself to make sure you only have approved ports open. Now you've done your due diligence, but The Man won't give up!

You need a HIDS, a Host-based Intrusion Detection System. This kind of program will scan your machine and make sure that you haven't been pwned: no rootkits, badware, keyloggers or other garbage that the G-men (or Romanian script-kiddies) would use to monitor you. Think it can't happen? There was a recent case where a mafioso was busted even though he used all kinds of crazy encryption on his machine. They used a sneak-and-peek warrant to sneak into his house and install some nosey-ware on his machine, and then watched him for *months*!!! He'd have been better off if he had been checking for file modifications. Don't think your mighty encryption will stop them. This ties into the above best practices (disallowing automatic login, etc.), but remember: if they have physical access to your machine, life gets much more difficult.
We'll cover how to defeat more advanced monitoring techniques in future posts. Remember, if they cannot just boot your machine and read it, they'll have no choice but to resort to more expensive/difficult and less effective techniques. Our goal is to get them to the point of using Van Eck phreaking and having goatse as your screensaver. Heh.
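The "checking for file modifications" part of a HIDS boils down to taking a baseline of content hashes and permission bits and comparing later snapshots against it. Here is a minimal checker of that kind, added as an example (it is not from the post or any particular HIDS product); the directory tree and the tampering it catches are constructed inline in `demo()`.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Snapshot every regular file under root: content hash plus mode bits.
    Mode is recorded because a new setuid bit matters as much as new content."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = str(path.relative_to(root))
            baseline[rel] = {"sha256": file_digest(path),
                             "mode": path.stat().st_mode & 0o7777}
    return baseline


def compare_baseline(old: dict, new: dict) -> dict:
    """Classify differences: files added, removed, or changed in content/mode."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: take a baseline, then simulate a tampered host."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"original login binary")
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        before = build_baseline(root)
        # Simulated tampering: trojaned binary, changed mode bits, new hidden file
        (root / "bin" / "login").write_bytes(b"trojaned login binary")
        os.chmod(root / "etc" / "hosts", 0o755)
        (root / ".keylog").write_bytes(b"captured keystrokes")
        return compare_baseline(before, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

In real use the baseline must live somewhere the attacker cannot rewrite (read-only media or another host), otherwise they simply re-baseline after tampering.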

Read this Infoanarchy article on methods of intrusive surveillance. If my job were to steal your data, this is the manual I would follow.


Artificial Selection said...

So, where can I get one of these "HIDS" of which you speak?

Artificial Selection said...

Little Snitch is up and running.

site said...

I found a great deal of helpful info in this post!