re: ridiculous situation

From: H C (keydet89@yahoo.com)
Date: 11/29/02

    Date: Fri, 29 Nov 2002 06:31:16 -0800 (PST)
    From: H C <keydet89@yahoo.com>
    To: security-basics@securityfocus.com
    
    

    Harley,

    Perhaps I'm not seeing where your problem lies. From
    what you describe, you have 5 systems that you've
    recently inherited, and they've been largely
    unprotected since they were first turned on.

    "you can't simply firewall them off and leave them for
    dead."

    What are you saying? Are they business critical? If
    so, determine what services each of them should be
    providing, and then disable/restrict/limit the
    available running services to just those. Think about
    adding tcpwrappers, as well.

    Examine the configurations of the machines, and see
    what's going on. What is the level of the kernel?
    Would it be worth the time to upgrade? If the systems
    are business-critical, you'll likely have to schedule
    maintenance for after hours. Is the default kernel
    image in place, or were the kernels recompiled
    specifically for each machine?

    "how would you be sure there are no trojans, bots
    etc...chkrootkit and so on, i suppose, but how
    reliable will the results be?"

    What do you mean? You could always do the checks by
    hand yourself...it would take more time, but perhaps
    be more reliable.

    If I were you, I'd start w/ a security assessment of
    each machine. Check for setUID files, running
    services/processes, examine the configuration.
    Examine the syslogs, see what's currently there. Once
    you've completed your examination, develop a plan to
    tighten things up...it may take a while, b/c you'll
    have to determine the business processes that use
    these systems. You want to make sure that you don't
    disrupt those processes in your efforts to secure
    these systems.

    Your situation isn't so much ridiculous as it is
    pretty normal...

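The assessment the reply above recommends (setUID files, running and listening services, a look through syslog) can be scripted as a repeatable first pass so the results can be saved and compared after each maintenance window. The script below is an added example and is not part of the original post; the log format it parses (OpenSSH "Failed password" lines in a syslog-style file), the use of `ss`/`netstat`, and the temporary-directory paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): a baseline assessment of an
# inherited Unix host. Run as root for complete results. Output of the setuid
# listing is sorted so it can be saved and diffed on later runs.
export LC_ALL=C

# Print every setuid/setgid regular file under ROOT (default /) as
# "mode owner path", one per line, sorted. -xdev keeps find on one filesystem.
find_setuid_files() {
    root="${1:-/}"
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} \; 2>/dev/null | awk '{ print $1, $3, $NF }' | sort
}

# Given a saved baseline listing and a fresh one (both sorted), print entries
# present now but absent from the baseline. A setuid binary that was not there
# before is worth examining by hand before anything else.
new_setuid_since_baseline() {
    comm -13 "$1" "$2"
}

# Listening TCP/UDP sockets with the owning process (ss on Linux, else netstat).
listening_services() {
    if command -v ss >/dev/null 2>&1; then
        ss -lntup 2>/dev/null
    else
        netstat -lntup 2>/dev/null
    fi
}

# Processes whose executable lives in a world-writable scratch area.
suspicious_process_paths() {
    ps -eo pid,user,args | awk '$3 ~ /^\/(tmp|var\/tmp|dev\/shm)\//'
}

# Count failed SSH password logins per source address in a syslog-style file,
# most frequent first. Output lines look like "count address".
failed_logins_by_source() {
    awk '/Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") { print $(i + 1); break }
         }' "$1" | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Usage when run directly: save a baseline, then compare against it next time.
if [ "${1:-}" = "--run" ]; then
    base=/var/tmp/setuid.baseline          # assumed location for the saved baseline
    cur=$(mktemp)
    find_setuid_files / > "$cur"
    if [ -f "$base" ]; then
        echo "== setuid files new since baseline =="; new_setuid_since_baseline "$base" "$cur"
    else
        cp "$cur" "$base"; echo "baseline saved to $base"
    fi
    echo "== listening services =="; listening_services
    echo "== processes running from scratch dirs =="; suspicious_process_paths
    echo "== failed SSH logins by source =="; failed_logins_by_source /var/log/auth.log
    rm -f "$cur"
fi
```

Save the first run's setuid listing somewhere the machines' users cannot write, and treat anything that later shows up as new as a question to answer, not an alarm in itself: package upgrades legitimately add setuid binaries, which is exactly why the check has to be tied to the maintenance schedule.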


