Have been hacked?
From: Bill (bbonner_at_pullman.com)
Date: 04/12/04
- In reply to: Kelly C: "Have been hacked?"
Date: Mon, 12 Apr 2004 11:23:00 -0700
where to start. In order to tell if you have been hacked
or not I would have to see your logs. My particular focus
is penetration testing, so I know a decent amount about
this. As far as what to avoid in the future, and what to
do in the future, there is a whole lot there and I cannot
possibly cover it all in one post. Here are the basics
though.
Only run services and functions that are absolutely
necessary. Every service is a potential security threat,
so use them wisely.
Second, update all the time. Stay up to date, get on a
newsletter, and update your OS, and any other products
such as routers, etc... The more up to date you are the
more secure you are. About 90% of hacked systems are not
up to date and were hacked using old security threats that
were never updated. Use Windows auto update if you need
to as well as 3rd party mailing lists.
Third, if this is a commercial enterprise get someone who
is certified and experienced to test your servers. If you
do not know what to look for in a consultant, ask me and I
will tell you what to look for in a potential consultant.
Fourth, change the name of the admin account and create
password rules incorporating upper case, lower case,
numbers, and special characters on all accounts for max
security. Set passwords to expire every 45 days, as a
strong password takes longer than that to crack even using
leading software and hardware.
Fifth, educate users about security, walk them through the
basic guidelines, and make sure they understand that they
are responsible for security just like anyone else in the
company. Any compromised account can lead to a domino
effect of hacked accounts leading up to the admin account,
and total loss of control of your server.
Sixth and final, create a duplicate of your servers and
keep them in sync and backed up, so if your main servers
die, you just switch your backups in place. Plus this
gives you the option of having a development server to
test out new things.
Ok, this is obviously not a comprehensive strategy, but
it's the best I can do in one post. You have my e-mail,
feel free to ask me questions via e-mail, or post
questions.
P.S. For network security use an up-to-date IDS, border
firewall that is well configured, proxy preferably, get a
good rule set for both, and use switches to segment your
networks. Hope this helps.
>-----Original Message-----
>How do you know for sure if someone has hacked into
>your server? I have logs that show a particular IP address
>trying to log in under services... However it does not
>look like he was able to get in but now I am not able to
>log on to the server as an administrator... It is like I
>am a guest. I can see things but I am not able to do
>anything. This is on one of my member servers. However
>I am wary of rebooting the other two servers thinking that
>I may not be able to get in to them. I am not even able
>to log on as the administrator for that computer!! I have
>tried everything that I can think of. Log on as the PC
>administrator will not allow that. I created a new
>account and gave them Enterprise admin, you name it I have
>done it. Now I am having even more issues... I will have
>to rebuild I am sure but do not want this to happen
>again. Any advice or suggestions.
>
>Kelly
>.
>