Penetration Testing
mailing list archives
Re: Looking for help against Chinese Hacking Team
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Mon, 15 Dec 2008 15:26:36 -0500
Comments are embedded below.
On Dec 15, 2008, at 9:34 AM, ArcSighter Elite wrote:
Mike Hale wrote:
You volunteering Tom? ;)
On 12/13/08, Tom Le <dottom () gmail com> wrote:
On Fri, Dec 12, 2008 at 6:22 PM, Mike Hale <eyeronic.design () gmail com> wrote:
Your choices are cheap, fast and properly.
Pick two.
;)
Yes, often quoted, but not necessarily always true.
You can get pro bono work from security experts who are "fast" and know
what they are doing. But you would have to trust them to some degree
depending on what information is needed.
Well, I agree with list, $200 won't get you far.
I think/hope he was talking about $200/hr.
If you require professional services that would seem a joke, at least to
me.
In the mean time, this is what I think.
Yes, consider porting, we won't debate linux vs win here, but linux is
securer and easier to adapt, you know.
Second, what company are you working for that doesn't provide an
incident response politic and team? They should do this, for any
non-trivial business process.
Third, review logs, do forensics, trace the attack vector and in some
very few cases, the source of the attack. If you're only interested in
securing the web site then the attack vector is the main target you have
to identify. Don't blindly trust in automated products, they will give
you false positives and negatives; those cases a human being will spot
and assess accurately. Set up and configure an IDS (Snort and Encase will
do fine) and configure SQL injection detection rules, for example, this
is in the most cases will evade only script-kiddies, the way I known,
but I will provide you with another layer of security, I don't think you
have many of them.
That's a waste of time and resources. Don't waste your time tracking
down the ways that an insecure application can be attacked. Implement
security then find weaknesses that were missed.
Lastly, consider going downtime, and set up a honey with the web
server's IP and DNS, then analyze the honey, and determine the source.
Why would anyone do that? It's not like he can track down and beat up
the hackers. He needs to prevent the attacks from working. That's bad
advice man.
That's all I can figure out in the moment.
Sincerely.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
Adriel T. Desautels
ad_lists () netragard com