Home page logo

basics logo Security Basics mailing list archives

Re: ridiculous situation
From: bda <bda () mirrorshades net>
Date: Thu, 28 Nov 2002 15:11:50 -0500

Write up a decently detailed plan for migrating each of the running
services off the machines onto newly installed, secure boxes. You can't
trust those machines, you can't really trust the previous
administrator(s), and you can't trust what you don't know.

Since it's just five machines, it wouldn't take a lot of time to dig
through the machines, find out what they do, how they do it, and then
move all of that stuff elsewhere.

Just make sure you write up a proposoal and migration plan first, and
then follow it -- making notes as you go along so it's all documented.

I've been through this situation several times, unfortunately. The goal
is not to go around replacing every machine when you first start a new
job, or inherit new responsibilities, but to assess each new device as a
security risk and take the appropriate actions.

On Wed, Nov 27, 2002 at 12:06:12PM -0800, harley mcdonald wrote:

this is kinda broad...say you've inherited 5 ( R.H.
linux ) machines.   all of which have been on for a
year, not firewalled and not backed up.

management has a "ain't broke don't fix" mentality.  i
guess, what would you do?   how would you be sure
there are no trojans, bots etc...chkrootkit and so on,
i suppose, but how reliable will the results be?   how
can i be sure there isn't a key-logger in the kernel.

you can't simply firewall them off and leave them for
dead.   legal action can be taken against the company
in the event of a break-in and subsequent attacks on
other companies.

and on and on. 

any ideas?


Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site

Cyberpunk is dead.  Long live cyberpunk.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]