Home page logo

basics logo Security Basics mailing list archives

Re: computer with rootkit?
From: Jeff Stebelton <jeff.stebelton () gmail com>
Date: Fri, 30 Sep 2011 10:43:32 -0400

Re-imaging an infected machine is the de facto standard in every
environment I've worked in. You can never be sure  that you've
eradicated every component, and to try and do so is not only a waste
of time, compared with re-imaging, but is subjecting your network to a
possible continued threat. Pull the box if analysis on it is needed,
put your standard image on another machine and replace it and move on.
Desktop can do the switch and hand off the compromised box to network
security to determine if any analysis needs done or if the box needs
preserved for an investigation (if there's network evidence of data
leakage or if the attacker had remote access to the machine or
whatever your policy dictates). I've done network security for eleven
years and have never, ever heard of any shop who allowed a rootkit
victimized box to be put back on the network without being re-imaged
first. That is bad policy, and will eventually come back to bite you
in the butt.

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]