Security Basics mailing list archives

Re: security advice


From: Todd Haverkos <infosec () haverkos com>
Date: Tue, 24 Aug 2010 14:42:37 -0500

Edmund <edmund () belfordhk com> writes:

> I'm still really reprimanding myself for being
> so careless. This is one lesson that I gotta
> have imprinted in my thick skull.
>
> Anyway, given this lesson, can someone offer
> any methodologies/programs that I can use to
> protect the company system? I'm now going
> through the firewall rules to find out what
> holes the intruder might have entered through.
>
> Thanks.
>
> Ed

First decide if you want a trained forensic investigator to
investigate the case. If so, don't touch the box and alter the
evidence any further.

If you don't have the budget or inclination for the above, the gold
standard of recovery would be to take a forensic image of that disk
(perhaps your deleted folder could be recovered from what's available
in slack at your leisure), and rebuild the server from original
optical media... and ensure that patches are all up to date.

To determine how the compromise occurred would require the knowledge
of a trained forensic investigator and evidence from the machine
itself, network logs of proxies, central syslog, and IDS to paint a
good picture. Recovering the evidence you deleted would be among the
things they'd have to do to determine the who/how.

The most likely route of intrusion depends on what the server's
function was, how up to date on patches it was, and--if it was running
any web applications (particularly custom ones)--what vulnerabilities
in those applications would have given an attacker an adequate
foothold to set up shop.

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
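Added example, not part of Todd's message or the original thread: a small POSIX shell script for the imaging step he describes (copy the disk with dd, hash source and image, keep the hashes as a custody record, then search the image for remnants of the deleted folder). It assumes a constructed sample file stands in for the real block device (e.g. /dev/sdb), and that GNU coreutils sha256sum is available.

```shell
#!/bin/sh
# Added example: preserve a disk image for later examination and prove
# the copy is faithful before anyone works on it.
set -u

# image_disk SRC DEST: copy SRC to DEST sector by sector, then record and
# compare SHA-256 of both. Returns 0 only when the image matches the source.
# bs=512 matches the sector size so conv=sync pads only unreadable sectors;
# noerror keeps dd going past a bad sector instead of aborting the image.
# Caveat: if SRC's size is not a multiple of bs, sync pads the tail and the
# two hashes will legitimately differ (then hash the image alone).
image_disk() {
    src="$1"; dest="$2"
    dd if="$src" of="$dest" bs=512 conv=noerror,sync 2>/dev/null || return 1
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    dest_hash=$(sha256sum "$dest" | cut -d' ' -f1)
    # The timestamped hash line is the start of the chain-of-custody record.
    printf '%s source=%s image=%s\n' "$(date -u +%FT%TZ)" \
        "$src_hash" "$dest_hash" >> "$dest.hashes"
    [ "$src_hash" = "$dest_hash" ]
}

# verify_image IMAGE: re-check later that the image is unchanged since it
# was recorded, comparing against the last hash written to the record.
verify_image() {
    expected=$(tail -n 1 "$1.hashes" | sed 's/.*image=//')
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$expected" ]
}

# search_image IMAGE PATTERN: count lines in the raw image (including
# unallocated space and slack) that still contain PATTERN. Work on the
# image, never the original disk, so the evidence stays untouched.
search_image() {
    grep -a -c -- "$2" "$1" || :
}

# make_sample_evidence PATH: constructed stand-in for the compromised disk,
# 64 KiB of zeros with a remnant of a "deleted" folder listing at offset 8192.
make_sample_evidence() {
    dd if=/dev/zero of="$1" bs=4096 count=16 2>/dev/null
    printf 'constructed sample: deleted-folder remnant\n' |
        dd of="$1" bs=1 seek=8192 conv=notrunc 2>/dev/null
}
```

On a real disk you would run image_disk against the device node, store the .hashes file somewhere the suspect machine cannot reach, and examine a read-only mount of the image rather than the original.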
