Security Basics mailing list archives
Re: computer with rootkit?
From: Jeff Stebelton <jeff.stebelton () gmail com>
Date: Fri, 30 Sep 2011 10:43:32 -0400
Re-imaging an infected machine is the de facto standard in every environment I've worked in. You can never be sure that you've eradicated every component, and to try and do so is not only a waste of time, compared with re-imaging, but is subjecting your network to a possible continued threat.

Pull the box if analysis on it is needed, put your standard image on another machine and replace it and move on. Desktop can do the switch and hand off the compromised box to network security to determine if any analysis needs to be done or if the box needs to be preserved for an investigation (if there's network evidence of data leakage or if the attacker had remote access to the machine or whatever your policy dictates).

I've done network security for eleven years and have never, ever heard of any shop that allowed a rootkit-victimized box to be put back on the network without being re-imaged first. That is bad policy, and will eventually come back to bite you in the butt.