Re: Anti-Rootkit app




Hi Dan,

Good security is usually a comprehensive strategy, rather than hoping for a
one-size-fits-all-magic-bullet solution.

Combine a coherent packet filter with strong passwords, a competent IDS, BSD
securelevels, and a file system integrity checker, and you've got a pretty
solid strategy for dealing with most of the bad things that show up on the
Internet.

This, of course, is all wasted if you leave your system unprotected
physically, but I digress ...

A common strategy with anti-rootkit software is to keep a copy of your
signatures elsewhere -- either on removable media, or a remote system; you
can use secure hashes to verify the integrity of the local signatures
against your known good copy to ensure that the list hasn't been tampered
with, and then verify the important parts of your OS against said list.

A lot of computer intruders are dumb, and more important, lazy. Truly
motivated and gifted crackers are a rarity, and if you get attacked by one
of them, it can be difficult to deal with. However, good preventative
security measures will keep the small fry and script kiddies at bay.

Just my two cents.

Klaus

On 1/14/08 11:11 AM, "Dan Lukes" <dan@xxxxxxxxx> did etch on stone tablets:

I need to install an anti-rootkit

If I understand correctly, an intruder needs to be superuser to be able
to install a rootkit.

If our intruders have superuser privileges, they can tamper with any
anti-rootkit.

Is the main reason to install an anti-rootkit that we count on the intruders
being too dumb to look for one of the ports' anti-rootkit packages before
they do their dirty work?

Or am I missing something important?

Dan
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
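
The two-stage check described in the reply above (verify the local signature list against a known-good hash kept elsewhere, then verify files against that list), as an added example that is not part of the original message. The function names, the manifest format and the sample files are constructed for illustration, and the trusted digest is assumed to live on removable media or a remote system.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def write_manifest(root, names, manifest):
    """Record '<sha256>  <relative path>' per file; return the manifest's own digest."""
    lines = [f"{sha256_file(Path(root) / n)}  {n}" for n in sorted(names)]
    Path(manifest).write_text("\n".join(lines) + "\n")
    return sha256_file(manifest)


def verify(root, manifest, trusted_digest):
    """Stage 1: local manifest vs. off-host digest. Stage 2: files vs. manifest."""
    if sha256_file(manifest) != trusted_digest:
        return ["MANIFEST-TAMPERED"]  # the list itself is untrusted; stop here
    findings = []
    for line in Path(manifest).read_text().splitlines():
        expected, name = line.split("  ", 1)
        target = Path(root) / name
        if not target.is_file():
            findings.append(f"MISSING {name}")
        elif sha256_file(target) != expected:
            findings.append(f"MODIFIED {name}")
    return findings


def demo():
    """Constructed sample tree standing in for the important parts of the OS."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "root"
        (root / "bin").mkdir(parents=True)
        (root / "bin/ls").write_bytes(b"original ls")
        (root / "bin/ps").write_bytes(b"original ps")
        manifest = Path(d) / "signatures.txt"
        trusted = write_manifest(root, ["bin/ls", "bin/ps"], manifest)  # kept off-host
        clean = verify(root, manifest, trusted)
        (root / "bin/ps").write_bytes(b"replaced ps")
        modified = verify(root, manifest, trusted)
        # The local list is regenerated to match; the off-host digest still catches it.
        write_manifest(root, ["bin/ls", "bin/ps"], manifest)
        covered_up = verify(root, manifest, trusted)
        return clean, modified, covered_up
```
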
