DomainTools 101: The Art of Tracking Threat Actors

You’re moving?! Fantastic! Hopefully this is a good thing for you and yours: huge growth of the company, a better location near your favorite lunch spots, or even just a better view. Collectively, we have lots of experience with office moves (and datacenter moves, and house moves), having gone through this ourselves just a little while ago here at DomainTools. We collected a few lessons learned from this move, and a few from the traumatic memories of moves long past.

It’s always good to start with the basics. Learn all you can about the building access procedures. Most of us in small companies will be sharing the building, if not the floor, with other companies. This means that others will be sharing our access to hallways, elevators, stairwells, parking garages, etc. Some questions to ask the building management:

  1. How are these spaces protected?
  2. What are “standard” hours of operation?
  3. Are there security cameras on key access points, or does the security office conduct routine patrols?
  4. Who else (e.g., building maintenance personnel) might have access to your space, and how will you be notified when they visit, even when you aren’t present?

We want to protect not just our information and assets, but our employees, too. Make sure everyone working in this office location knows the standard procedures, and who to contact if a question comes up. As much as we tend to focus on information security through digital means, it’s good to remember that physical access can bypass any electronic security we might set up. If something obvious seems to be absent from these procedures, it’s always a better idea to ask than risk a gaping hole in physical access.

While we’re thinking about physical access, it’s a good idea to take a look at any of your network or telephone wiring. Often these are the same, but you may still have Plain Old Telephone Service (POTS) lines for special services or emergency access. Where do your lines terminate? If there is a shared IDF closet, make sure you understand how that will be secured. Digital communication does make it a little harder than just plugging in a butt-set and listening in on the CEO’s confidential call with investors, but the principle remains the same. Electronic communications can be “sniffed” through induction, so where your wiring runs is also important. You should be asking:

  1. Do you control all the spaces where the wires go?
  2. Are there any shared walls or ceiling conduits where someone could get to these wires without your knowledge?
  3. How about the floor? If your cable disappears into the jack in the floor, check to see if this is really mounted in the ceiling interstitial space of the tenant beneath you. Are you sure you’re OK with that?

Finally, things break during moves. Been there, done that. If you have system-level disaster recovery plans, it would behoove you to review and update these before the move, just in case. Also, if you are moving any of the critical systems (file servers, databases, etc.), having a good backup (or two, or three) is prudent anyway. During a move, however, you’ll be jostling all those hard drives and memory chips and encouraging anything that had been on the brink of failure to go ahead and slip its mortal coil. Transporting at least one of those copies separately from the server itself will save you from any catastrophic move-related accidents. Same goes for any user machines that have critical data on them. Spending the time to help each of them complete a solid backup will help everyone sleep a little better.