Re: hacked.e-microsoft.net attacks!!!

From: Rick Moen (rick_at_linuxmafia.com)
Date: 09/13/05


Date: Tue, 13 Sep 2005 16:27:13 -0400

As will be obvious, I'm addressing this mainly to the original poster,
"darkog".

Moe Trin <ibuprofin@painkiller.example.tld> wrote:

[snip]

> So that you can be r00ted that much quicker? Yes, bringing the system
> back up quickly is important, but you ALSO need to see that the hole
> that was used to break in has been fixed. That could be an update to some
> application, but (at least in my experience) it is more often a problem
> with the configuration that let the bad guys in. Your restoring to a
> previous snapshot (or the out-of-box setup) is not fixing either problem.

What he said.

Sorry I didn't detail that, myself -- and it's always good to have Old
Guy to backstop me.

At the risk of me-too-ing, that is really the most vital step:
determining what went wrong with your prior setup, and doing your best
to ensure that the compromise will not repeat. In that regard, there's
really no substitute for knowing your system, and making sure -you- are
in charge of its configuration and software selection. If the
distribution creates unnecessary risk factors by default, _fix_ that:
You're not supposed to simply rely on the defaults. If the distribution
furnishes questionable security-sensitive applications, remove and
possibly replace them.

And don't forget Moen's Second Law of Security: "A system can be only
as secure as the dumbest action it permits its dumbest user to perform"
(http://linuxmafia.com/~rick/lexicon.html#moenslaw-security2). E.g.,
sometimes, the bad guys got in because one of your users exposed his
access token on a compromised (e.g.) shared university machine, allowing
the intruders to enter masquerading as a legitimate user.

-- 
Cheers,                 "Due to circumstances beyond our control, we regret to
Rick Moen               inform you that circumstances are beyond our control."
rick@linuxmafia.com                                              --Paul Benoit
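As an added illustration (not part of Rick Moen's post or of the thread), here is the kind of auth-log review that answers "how did they get in?" in the case the post ends on: a legitimate user's credential was reused by an intruder. The sshd lines below are constructed for the example, the "expected" network 192.0.2.0/24 is an assumed allowlist, and the year is assumed because classic syslog timestamps carry none. The script flags accepted logins from outside the expected networks, an account whose authentication method changed (keys before, password now), and one account arriving from several sources inside a short window.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd lines in classic syslog format; not real log data.
SAMPLE_LOG = """\
Sep 12 09:02:11 web1 sshd[4021]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Sep 12 09:40:53 web1 sshd[4107]: Accepted publickey for bob from 192.0.2.11 port 50190 ssh2
Sep 13 02:14:07 web1 sshd[5310]: Accepted password for alice from 198.51.100.77 port 41022 ssh2
Sep 13 02:15:30 web1 sshd[5322]: Failed password for root from 198.51.100.77 port 41040 ssh2
Sep 13 02:16:02 web1 sshd[5331]: Accepted password for alice from 203.0.113.5 port 41100 ssh2
Sep 13 08:05:44 web1 sshd[5890]: Accepted publickey for alice from 192.0.2.10 port 50300 ssh2
"""

# Assumed allowlist: the networks from which interactive logins are expected.
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Matches only successful logins; failures are a separate question.
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_accepted(log_text, year=2005):
    """Return (timestamp, user, method, source_ip) for each 'Accepted' line.

    The year is assumed: syslog timestamps do not record it.
    """
    events = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["method"], ipaddress.ip_address(m["src"])))
    return events


def review_logins(events, expected_nets=EXPECTED_NETS, window_minutes=60):
    """Return (user, reason) findings that deserve a human look."""
    findings = []
    by_user = defaultdict(list)
    for ev in sorted(events):
        by_user[ev[1]].append(ev)

    for user, evs in by_user.items():
        methods_seen = set()
        for ts, _, method, src in evs:
            # 1. Login from somewhere this account is not expected to come from.
            if not any(src in net for net in expected_nets):
                findings.append((user, f"login from unexpected source {src} at {ts:%b %d %H:%M}"))
            # 2. Account that used one method (e.g. publickey) now arriving another way:
            #    a stolen password shows up exactly like this.
            if methods_seen and method not in methods_seen:
                findings.append((user, f"auth method changed to {method} at {ts:%b %d %H:%M}"))
            methods_seen.add(method)

        # 3. Same account from more than one source inside the window.
        window = timedelta(minutes=window_minutes)
        for i, (ts, _, _, src) in enumerate(evs):
            others = {s for t, _, _, s in evs[i + 1:] if t - ts <= window and s != src}
            if others:
                findings.append((user, f"{len(others) + 1} distinct sources within "
                                       f"{window_minutes} min starting {ts:%b %d %H:%M}"))
                break
    return findings


if __name__ == "__main__":
    for user, reason in review_logins(parse_accepted(SAMPLE_LOG)):
        print(f"{user}: {reason}")
```

On the sample data every finding points at "alice": two logins from outside the expected network, a switch from publickey to password, and two sources within a couple of minutes. That is the pattern the post describes, and the answer to "what went wrong" is then the account and its credential, not a package to update; restoring a snapshot would leave that hole exactly as it was.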