Full Disclosure mailing list archives

Re: Disney Down?


From: Micheal Espinola Jr <michealespinola () gmail com>
Date: Fri, 19 Aug 2005 15:41:24 -0400

I agree that not all exploits need to or should be handled in such a
way, but this type of open-ended exploit, where potentially anything
could have been dropped or altered on a system, would force me as a
network/security/systems administrator to take appropriate
action to protect my employer.

Yep, it's definitely extreme.  I wouldn't want to have to do it.  But
I still would do it all the same.  In my experience the risk is just
too great not to.  Which is why we store data on secure servers, and
can multicast images for workstations for easy rebuilds.  It's a shame
not everyone can work in an environment where things like this can be
done that easily, but that doesn't mean that they shouldn't be done at
all.

I have yet to work for an employer where my management and fellow
staff wouldn't be prepared to do the same - thank goodness.

I shudder to think about it happening to me...


On 8/19/05, Steve Kudlak <chromazine () sbcglobal net> wrote:
Micheal Espinola Jr wrote:
Absolutely. Once a system has been exploited in such a manner, it is
completely untrustable. It should most definitely be wiped.

The IT ppl in SDC (and many other places) need to all be lined up and
smacked Three Stooges style.

On 8/19/05, Donald J. Ankney <dankney () sunsetfilms com> wrote:

Any IT department that simply removes a worm and shoves a box back into
production has serious issues.

After a machine has been compromised, it should be wiped and rebuilt.

 
As a practical matter, how many boxes are we talking about? I mean I have
removed worms and viruses (note I don't use the plural virii because it is
too close to the proper Latin plural of "men";) and put boxes back into use.
But not in places that are critical. Does one rebuild every time something
goes wrong? Seems extreme to me. I dunno if this is the place to discuss
issues like this. Now of course with worm designers getting more
sophisticated it might be that more extreme measures should be taken
earlier in the decision chain. Now if people implement a really adequate
backup system, like everything over the last hour is safely backed up, it
might be possible to do that. Anyway it is an interesting case, easy to say
now that I am disabled and watching from the sidelines.

Have Fun,
Sends Steve




-- 
ME2  <http://www.santeriasys.net/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
