Security Basics mailing list archives
Re: compromised network
From: "Greg" <pchandyman () ozemail com au>
Date: Fri, 2 Jan 2004 20:33:41 +1100
----- Original Message -----
From: "JM" <jm () mindless com>
To: "'Dana Rawson'" <absolutezero273c () nzoomail com>; <security-basics () securityfocus com>
Sent: Wednesday, December 31, 2003 12:33 AM
Subject: RE: compromised network

The only way to be 100% is to completely start from scratch again.

You know, I have read this reply from many people, over and over again and without going to the trouble of finding the original message again, all I can say is - whatever happened to the idea of image backups with incrementals?

E.g., let's say all is quiet and OK and the crap started happening, at the local timezone of that machine, at 11PM. Let's FURTHER say that the business has a once a week full backup with hourly incrementals. What the heck is the matter with going back to that SAME day at 10PM's incremental and restoring from that image/incremental? Sure, the WEAKNESS that ALLOWED all this to happen may WELL have occurred prior to that date but if you have the logs with ports and IP ranges, surely you can get away without starting from scratch?

Otherwise, what the HELL is the use of backing ANYTHING up? Oh yes, in case of hardware blowout (e.g., hard drive burning out), equipment theft etc. Yes I hear all that but at this date in 2004, I have to say that the chances of that happening as opposed to what DID happen to this person are small. I think the hardware will continue through many such intrusion attempts.

Now, after reinstalling from image/incremental, I would, as some have said, get someone in who really knows what he/she is doing to
A) Make the possibility of it happening ever again as close to zero as it can be;
B) Get rid of whatever the weakness was that allowed this to happen.

Reformat and install from scratch? That is more or less, to me personally, like "My car is out of fuel! I better buy a new car!". Yes, I am a hoarder but that is the mindset of most people in I.T. or even those not in I.T. with an interest in it.

Greg.