Re: When some is infected?

[ToddAndMargo <ToddAndMargo () zoho com>]

On 10/11/2013 04:17 AM, BillV-Lists wrote:
> Hi Todd,
>
> I'm not sure I understand what you're asking for. When you walk up to a
> "protected" computer... are you talking about a system protected with
> Kaspersky?

Yes.  And reasonable steps taken to protected it.

> And what do you mean "get past penetration testing"?

A crafty bad guy would not open ports to be detected
by nmap.  They would only go out and make connections.
I was looking for a way to "snoop" on that traffic.

> Yes, wireshark would allow you to watch network traffic on a system.
> This could indicate signs of an infection or other software you don't
> want. If you're looking for something at the enterprise level, you'd
> probably want to take a look at something like FireEye or Damballa.
>
> Bill

Thank you!
-T

> On 10/10/2013 11:11 PM, ToddAndMargo wrote:
> > Hi All,
> >
> >    Since I sell Kaspersky and have had a lot of customers
> > on it for years, I have learned that if something gets
> > by Kaspersky, it is going to be a wild ride getting rid
> > of it.   (I get rid of them manually and/or run other
> > vendors stuff at the computer.)
> >
> >    Now a days, when I walk up to a protected computer,
> > my thoughts are "maybe".  Did something get past that is not
> > being detected?
> >
> >    Now I am thinking that a well crafted bad guy is
> > going to get past "penetration testing" (PEN).  Although
> > find anything like this is not the scope of PEN
> > testing, I am still thinking it would be ethical
> > to see if any traffic is sneak out that is not suppose
> > to be.
> >
> >   So I was thinking that I should turn off all network
> > traffic producing programs I know of on the POS computer,
> > and just sit watching its outgoing traffic to make
> > sure there is no bad guy Command and Control going on.
> > Does this make sense to you?
> >
> >    Is Wireshark the proper tool for this?
> >
> > Your thoughts always appreciated.
> >
> > -T


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------