Re: [Full-Disclosure] Training & Certifications

From: Curt Purdy (purdy_at_tecman.com)
Date: 04/07/04

    To: <id3nt@hush.com>, <keydet89@yahoo.com>, <full-disclosure@lists.netsys.com>, <purdy@tecman.com>, "'IMB Recipient 1'" <mspop3connector.charles.schmidt@cs-is.biz>
    Date: Wed, 7 Apr 2004 16:30:18 -0500
    
    

    id3nt@hush.com wrote:
    > Curt, you didn't define the case scenario for the first thing you do
    > on a windows box.
    >
    > One would hate to reboot a box and lose any valuable evidence
    > of an intruder
    > or otherwise incriminating material.
    <snip>

    Of course id3nt, my bad, and it apparently caused a good deal of
    misunderstanding. I was referring to our troubleshooting Windows problems,
    not security forensics. When we are called to a site to work on a problem
    with a Windows server related to networking/performance/system problems, not
    security issues, the first thing we do is ask the sysadmin to reboot the
    device.

    We have learned this over the years, you basically can't make any change in
    Windows without rebooting, and the look on the client's face when it comes
    back with a bluescreen, not caused by anything you have done, is not a
    pretty sight. And when you then spend the rest of the night rebuilding the
    system and not getting paid for it because the client "knows" the bluescreen
    was caused by us, is not fun.

    We have never once had this happen on a *NIX or Netware box.

    Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
    Information Security Engineer
    DP Solutions

    ----------------------------------------

    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- White House cybersecurity adviser Richard Clarke

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

