[GLLUG] meeting idea?

Thomas Hruska thruska at cubiclesoft.com
Tue Aug 22 17:32:52 EDT 2006


Benjamin Cathey wrote:
> The recent discussion about the PuTTY titlebar gave me an idea.  How about a "So you've been hacked - how to deal with it" meeting?  Topics like how to detect you have a problem and what to do about the problem.
> 
> I know this can be a tricky subject.  When I started my new job here the first thing I had to do was reload the mailserver.  It had been hacked (they left traces in the .bash_history) and I didn't know what else to do but reload.  

That was the smart course of action (if not brilliant) if that is all 
you knew how to do at the time.  Now that you've had more experience you 
might be able to dig down into the system and trace what actually 
happened before reinstalling the OS and thus you could close off the 
open security hole (could have just been old, buggy software and an 
upgrade to newer [buggy] software closed the open hole - or the security 
hole might still exist in, say, the firewall).

When I encounter a compromised system, the first thing I do is pull the 
Internet/LAN connection (bare minimum - shutting it down completely is 
better).  That way it can't spread and, if a rootkit/backdoor combo is 
installed, anyone remotely accessing the computer loses access.  It also 
isolates the machine from the rest of the network.  If the machine is 
off, you can spend an hour deciding the best course of action. 
Formulate a plan, then turn on the computer and execute the plan as 
quickly as possible.  Getting data off the computer safely should be 
among the top tasks.  If getting the data off is easier by removing the 
hard drive and putting it into another non-networked computer, do that.

BTW, if a networked computer is hacked, you should immediately assume 
the whole network has been compromised.


> I know this is a fear for people who are thinking about migrating to Linux.

Not just Linux, but any OS.  People constantly ask me things like, "Is 
online banking safe?"  I then describe what phishing attacks are and how 
to recognize them and point out that if they are generally careful and 
observant and don't do dumb things like give out their banking 
information, online banking is fast and safe but it has the tendency to 
lose the "personal touch".

--
Thomas Hruska
CubicleSoft President
Ph: 517-803-4197

Safe C++ Design Principles (First Edition)
Learn how to write memory leak-free, secure,
portable, and user-friendly software.

Learn more and view a sample chapter:
http://www.CubicleSoft.com/SafeCPPDesign/