Security Basics mailing list archives
Re: When some is infected?
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Fri, 11 Oct 2013 18:09:20 -0700
On 10/11/2013 04:17 AM, BillV-Lists wrote:
Hi Todd, I'm not sure I understand what you're asking for. When you walk up to a "protected" computer... are you talking about a system protected with Kaspersky?
Yes. And reasonable steps taken to protected it.
And what do you mean "get past penetration testing"?
A crafty bad guy would not open ports to be detected by nmap. They would only go out and make connections. I was looking for a way to "snoop" on that traffic.
Yes, wireshark would allow you to watch network traffic on a system. This could indicate signs of an infection or other software you don't want. If you're looking for something at the enterprise level, you'd probably want to take a look at something like FireEye or Damballa. Bill
Thank you! -T
On 10/10/2013 11:11 PM, ToddAndMargo wrote:Hi All, Since I sell Kaspersky and have had a lot of customers on it for years, I have learned that if something gets by Kaspersky, it is going to be a wild ride getting rid of it. (I get rid of them manually and/or run other vendors stuff at the computer.) Now a days, when I walk up to a protected computer, my thoughts are "maybe". Did something get past that is not being detected? Now I am thinking that a well crafted bad guy is going to get past "penetration testing" (PEN). Although find anything like this is not the scope of PEN testing, I am still thinking it would be ethical to see if any traffic is sneak out that is not suppose to be. So I was thinking that I should turn off all network traffic producing programs I know of on the POS computer, and just sit watching its outgoing traffic to make sure there is no bad guy Command and Control going on. Does this make sense to you? Is Wireshark the proper tool for this? Your thoughts always appreciated. -T
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- When some is infected? ToddAndMargo (Oct 10)
- Message not available
- Re: When some is infected? ToddAndMargo (Oct 14)
- Message not available
- Message not available
- Re: When some is infected? ToddAndMargo (Oct 14)
- Message not available
- Re: Aw: When some is infected? ToddAndMargo (Oct 14)
- Message not available
- Re: When some is infected? ToddAndMargo (Oct 14)
- <Possible follow-ups>
- Re: When some is infected? ToddAndMargo (Oct 28)
- Re: When some is infected? ToddAndMargo (Oct 28)
- Re: When some is infected? ToddAndMargo (Oct 28)