Full Disclosure: Re: Linux - Indicators of compromise

[valdis.kletnieks () vt edu]

On Thu, 26 Jul 2012 09:07:33 -0400, Григорий Братислава said:

> Really? Shut down is entire racks? Because you will have
> backup/standby entire 42Us?
If you can't shut down the entire rack, you've screwed up your DR and
business continuity planning.

This isn't just a problem for large sites - I've seen lots of places claim "We
can't take 3 hours of downtime to patch/upgrade/test/whatever because
everything is on that one server".  And my response has always been "And what
were you planning to do if you blew out a power supply or a system board and
had a 3-hour outage?".

But unfortunately, you're right - most places have screwed up their DR planning
and can't shut down.  They've also screwed up their network config so it isn't trivial
to track down which port a problem attacker is on. (And yes, tracking down a
miscreant at level 2/3 *is* trivial if your network is in fact properly designed
and managed)

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/