[GLLUG] meeting idea?
Thomas Hruska
thruska at cubiclesoft.com
Tue Aug 22 17:32:52 EDT 2006
Benjamin Cathey wrote:
> The recent discussion about the PuTTY titlebar gave me an idea. How about a "So you've been hacked - how to deal with it" meeting? Topics like how to detect you have a problem and what to do about the problem.
>
> I know this can be a tricky subject. When I started my new job here the first thing I had to do was reload the mailserver. It had been hacked (they left traces in the .bash_history) and I didn't know what else to do but reload.

That was the smart course of action (if not brilliant) if that is all
you knew how to do at the time. Now that you've had more experience you
might be able to dig down into the system and trace what actually
happened before reinstalling the OS and thus you could close off the
open security hole (could have just been old, buggy software and an
upgrade to newer [buggy] software closed the open hole - or the security
hole might still exist in, say, the firewall).

When I encounter a compromised system, the first thing I do is pull the
Internet/LAN connection (bare minimum - shutting it down completely is
better). That way it can't spread and, if a rootkit/backdoor combo is
installed, anyone remotely accessing the computer loses access. It also
isolates the machine from the rest of the network. If the machine is
off, you can spend an hour deciding the best course of action.

Formulate a plan, then turn on the computer and execute the plan as
quickly as possible. Getting data off the computer safely should be
among the top tasks. If getting the data off is easier by removing the
hard drive and putting it into another non-networked computer, do that.

BTW, if a networked computer is hacked, you should immediately assume
the whole network has been compromised.

> I know this is a fear for people who are thinking about migrating to Linux.

Not just Linux, but any OS. People constantly ask me things like, "Is
online banking safe?" I then describe what phishing attacks are and how
to recognize them and point out that if they are generally careful and
observant and don't do dumb things like give out their banking
information, online banking is fast and safe but it has the tendency to
lose the "personal touch".
--
Thomas Hruska
CubicleSoft President
Ph: 517-803-4197
Safe C++ Design Principles (First Edition)
Learn how to write memory leak-free, secure,
portable, and user-friendly software.
Learn more and view a sample chapter:
http://www.CubicleSoft.com/SafeCPPDesign/