Re: New Job Advise

From: James McGee (james__mcgee@hotmail.com)
Date: 08/08/02


From: "James McGee" <james__mcgee@hotmail.com>
To: "Shawn Duffy" <pakkit@codepiranha.org>, "DSardina" <dsardina@si.rr.com>
Date: Thu, 8 Aug 2002 21:59:52 +0100

Congratulations!

I found myself in a similar position some time back. I had web, app, and db
servers to deal with.
I managed to convince management to go for a load balanced situation and
ended up with two servers in each instance. This does not need to be
expensive: you can use round robin with multiple DNS entries, and just
remove the IP address from the machine you want to work on.
I built each new server from scratch, and applied all best practices to the
new server following all the information I could gather from the OS
provider's site, and the rest. I then set about putting in my security
practices picked up from various sources and past experience.
Then I applied the websites. This enabled me to clear out a lot of junk and
understand the way the entire system was put together, finding lots of old
files and archived stuff along the way. Once this new system was up,
running and tested, I put this live, and then blasted and rebuilt the new
one, following the processes I had just gone through with the other server.
I found this whole experience taught me a lot about the application that I
was now supporting. It also enabled me to have two systems: one can be
taken down for upgrades, maintenance and patching, then tested, and then can
be switched back in place, whilst the same process is carried out on the
other one.

On the other hand, this may not be possible; in that case, ask management to
admit that you will not be held fully responsible if there is a breach with
regard to someone else's work.

Good luck

JM

----- Original Message -----
From: "Shawn Duffy" <pakkit@codepiranha.org>
To: "DSardina" <dsardina@si.rr.com>
Cc: <security-basics@securityfocus.com>
Sent: Thursday, August 08, 2002 2:02 PM
Subject: Re: New Job Advise

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This actually can be a rough problem... I generally only like to trust
> boxes that I built myself but that isn't always possible...
> What OS is this box?
> First, I would look at the version numbers of all major software on the
> box... is everything up to the latest possible version, and if not, does
> it present a security risk and is there a GOOD reason it can't be
> upgraded...
> Check the patch level. If this is a Microsoft box, then all you should
> need to do is check all of the patches that are installed.. if it is
> something like a BSD, then maybe you can cvsup the system source just to
> make sure...
> Run a few different portscanners against... nmap for a basic outline of
> what is listening on the box and maybe Nessus for a more in-depth look...
> You could also consider running a sniffer so that you can monitor traffic
> that is not only coming to the box but also OUT of the box to make sure
> that nothing out-of-the-ordinary is happening...
> Audit user accounts as well... make sure that all of the user accounts are
> necessary, and if not, disable them... I wouldn't delete them right away
> because you never know what you may need since you inherited the box and
> aren't all that familiar with its operations...
> Other than that, I would just try to break down the box as much as
> possible without interrupting service and rebuild as much as possible
> yourself so you know what's going on...
>
> Good luck!
>
> shawn p. duffy
>
> http://codepiranha.org/~pakkit
> email: pakkit@codepiranha.org
> pgp key: getkey-pakkit@codepiranha.org
> pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A
>
> On Mon, 5 Aug 2002, DSardina wrote:
>
> >
> > Hi All:
> >
> > I've been out of work for a few months, and just landed a new job today.
> > (Web Admin)
> > I knew I would get the job, just because I knew what they wanted, and
> > whatnot.
> >
> > I already know the answer, but I'm looking for more advice.
> >
> >
> > Question is:
> >
> > When you enter a new job and take over a new Web Server that's already
> > running and live,
> > what would be the 1st thing you would think of to do? (ex: Port Scan,
> > Change Admin pword? Check Patches, etc.)
> >
> >
> > Thanks in Advance,
> > DS=-
> >
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (OpenBSD)
>
> iD8DBQE9UmwFzOlsqZj8ZloRAvWdAJ9kbf62l11AkuJnto36m/FbzvFo1ACgrtoy
> KersyxWRnF+an4HhsJNz3NQ=
> =qOFN
> -----END PGP SIGNATURE-----
>
>
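The account audit Shawn describes (find every account that can log in, decide whether it is still needed, and lock rather than delete) is easy to script. The following is an added example written for this thread, not code from either poster. It works on passwd-format text, so it can be run against a copy of /etc/passwd taken from the inherited box; the sample passwd data is constructed, the 7-field Linux layout and the `usermod` command are assumptions about the target system.

```shell
#!/bin/sh
# Added example, not from the thread: triage helpers for the user-account
# audit on an inherited server. Operates on passwd-format text (assumed
# Linux layout: name:pw:uid:gid:gecos:home:shell).

# Constructed sample standing in for an inherited server's /etc/passwd.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:web server:/var/www:/usr/sbin/nologin
olddev:x:1001:1001:former contractor:/home/olddev:/bin/bash
backup:x:1002:1002:nightly backup job:/var/backups:/bin/sh
toor:x:0:0:alternate root:/root:/bin/sh'

# Accounts whose shell allows an interactive login; each one needs a
# justification from whoever set the box up.
login_capable() {
  printf '%s\n' "$1" | awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

# Accounts other than root that carry UID 0: full privileges under another
# name, worth checking explicitly on any box you did not build yourself.
extra_uid0() {
  printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Reversible lock commands (usermod assumed present, as on most Linux
# systems): lock the password and remove the login shell, but keep the
# account and its files, since you do not yet know what depends on them.
lock_cmds() {
  for u in "$@"; do
    printf 'usermod -L %s && usermod -s /usr/sbin/nologin %s\n' "$u" "$u"
  done
}

# Report on the constructed sample; pass a real passwd file as $1 instead.
main() {
  data=${1:-"$SAMPLE_PASSWD"}
  [ -f "$data" ] && data=$(cat "$data")
  echo "Login-capable accounts:";   login_capable "$data"
  echo "Extra UID 0 accounts:";     extra_uid0 "$data"
  echo "Lock commands (review before running):"
  lock_cmds $(extra_uid0 "$data")
}
main "$@"
```

Running it against the constructed sample lists root, olddev, backup and toor as login-capable and flags toor as a second UID 0 account; the printed `usermod` lines are the reversible way to disable an account you cannot yet justify, which matches the advice above to disable rather than delete until you know what the box depends on.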