Re: ridiculous situation

From: bda (bda@mirrorshades.net)
Date: 11/28/02

    Date: Thu, 28 Nov 2002 15:11:50 -0500
    From: bda <bda@mirrorshades.net>
    To: harley mcdonald <harleyqmcdonald@yahoo.com>
    
    

    Write up a decently detailed plan for migrating each of the running
    services off the machines onto newly installed, secure boxes. You can't
    trust those machines, you can't really trust the previous
    administrator(s), and you can't trust what you don't know.

    Since it's just five machines, it wouldn't take a lot of time to dig
    through the machines, find out what they do, how they do it, and then
    move all of that stuff elsewhere.

    Just make sure you write up a proposal and migration plan first, and
    then follow it -- making notes as you go along so it's all documented.

    I've been through this situation several times, unfortunately. The goal
    is not to go around replacing every machine when you first start a new
    job, or inherit new responsibilities, but to assess each new device as a
    security risk and take the appropriate actions.

    On Wed, Nov 27, 2002 at 12:06:12PM -0800, harley mcdonald wrote:
    > hi,
    >
    > this is kinda broad...say you've inherited 5 ( R.H.
    > linux ) machines. all of which have been on for a
    > year, not firewalled and not backed up.
    >
    > management has a "ain't broke don't fix" mentality. i
    > guess, what would you do? how would you be sure
    > there are no trojans, bots etc...chkrootkit and so on,
    > i suppose, but how reliable will the results be? how
    > can i be sure there isn't a key-logger in the kernel.
    >
    > you can't simply firewall them off and leave them for
    > dead. legal action can be taken against the company
    > in the event of a break-in and subsequent attacks on
    > other companies.
    >
    > and on and on.
    >
    > any ideas?
    >
    > h
    > ..

    -- 
    bda
    Cyberpunk is dead.  Long live cyberpunk.
    http://mirrorshades.org
    

