Security Basics mailing list archives
Re: security advice
From: Todd Haverkos <infosec () haverkos com>
Date: Tue, 24 Aug 2010 14:42:37 -0500
Edmund <edmund () belfordhk com> writes:
I'm still very much reprimanding myself for being so careless. This is one lesson that I gotta have imprinted in my thick skull. Anyway, given this lesson, can someone offer any methodologies/programs that I can use to protect the company system? I'm now going through the firewall rules to find out what holes the intruder might have entered through.
Thanks.
Ed
First decide if you want a trained forensic investigator to investigate the case. If so, don't touch the box and alter the evidence any further.

If you don't have the budget or inclination for the above, the gold standard of recovery would be to take a forensic image of that disk (perhaps your deleted folder could be recovered from what's available in slack at your leisure), and rebuild the server from original optical media.... and ensure that patches are all up to date.

To determine how the compromise occurred would require the knowledge of a trained forensic investigator and evidence from the machine itself, network logs of proxies, central syslog, and IDS to paint a good picture. Recovering the evidence you deleted would be among the things they'd have to do to determine the who/how.

The most likely route of intrusion depends on what the server's function was, how up to date on patches it was, and--if it was running any web applications (particularly custom ones)--what vulnerabilities in those applications would've given an attacker an adequate foothold to set up shop.

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/