Security Basics mailing list archives
Re: Aw: When some is infected?
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Fri, 11 Oct 2013 18:04:13 -0700
On 10/11/2013 12:41 AM, Adam Pal wrote:
Hi, sorry, I don't get it. What exactly are you asking about: 1. client security (including AV)? 2. scope of a pentest (which should be clearly defined and performed by a trusted company)? 3. network security (you never mentioned a FW)? 4. heuristic surveillance (detecting malicious traffic)?
I am looking for malicious traffic coming from an otherwise protected computer (AV). AV's are not perfect.
5. honeypot? BTW, how do you know, or how do you ensure, which programs exactly are producing traffic? Or how do you know that the ones which remain do not produce any traffic at all? To put it in a simple example: if my notebook has malicious code producing traffic, I confess that I have no idea how to isolate the malicious program, knowing that my Windows also produces traffic, and if I completely shut down my notebook, there won't be any traffic at all.
I figure if I find malicious traffic, I will figure out how to trace it down to the application when the time comes. May have to erase and start over if AV's can't find the malcontent.
BR
Adam Pal

Sent: Friday, 11 October 2013 at 05:11
From: ToddAndMargo <ToddAndMargo () zoho com>
To: "security-basics () securityfocus com" <security-basics () securityfocus com>
Subject: When some is infected?

Hi All,

Since I sell Kaspersky and have had a lot of customers on it for years, I have learned that if something gets by Kaspersky, it is going to be a wild ride getting rid of it. (I get rid of them manually and/or run other vendors' stuff at the computer.)

Nowadays, when I walk up to a protected computer, my thoughts are "maybe". Did something get past that is not being detected?

Now I am thinking that a well crafted bad guy is going to get past "penetration testing" (PEN). Although finding anything like this is not the scope of PEN testing, I am still thinking it would be ethical to see if any traffic is sneaking out that is not supposed to be.

So I was thinking that I should turn off all network traffic producing programs I know of on the POS computer, and just sit watching its outgoing traffic to make sure there is no bad guy Command and Control going on.

Does this make sense to you? Is Wireshark the proper tool for this?

Your thoughts always appreciated.

-T
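As an added example (not part of this thread and not written by either list member), here is a small Python triage script for the approach Todd describes: quiet the known talkers on the POS machine, export the remaining outbound connections (for instance from a Wireshark capture joined with a process-to-connection listing), then flag two things at once. First, flows to non-RFC1918 hosts from a (process, port) pair that is not in the baseline, which is one answer to Adam's question of how you know which program is producing the traffic. Second, destinations contacted at near-regular intervals, the check-in rhythm that distinguishes a command-and-control beacon from user-driven traffic. The one-line flow format, the process names, the allowlist and the beaconing thresholds are all constructed assumptions for the demonstration.

```python
"""Triage outbound flows from a quieted host for unexpected talkers and beaconing.

Added example for the security-basics thread, not code from the thread itself.
The flow-line format, process names, allowlist and thresholds are assumptions.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample export: "<ISO timestamp> <proto> <src>:<sport> -> <dst>:<dport> proc=<name> pid=<n>"
SAMPLE_LOG = [
    "2013-10-11T18:00:00 TCP 192.168.1.10:49152 -> 192.168.1.20:445 proc=posapp.exe pid=812",
    "2013-10-11T18:00:05 TCP 192.168.1.10:49160 -> 203.0.113.9:443 proc=svchost.exe pid=1190",
    "2013-10-11T18:01:12 TCP 192.168.1.10:49161 -> 198.51.100.20:443 proc=posapp.exe pid=812",
    "2013-10-11T18:05:05 TCP 192.168.1.10:49170 -> 203.0.113.9:443 proc=svchost.exe pid=1190",
    "2013-10-11T18:07:40 TCP 192.168.1.10:49171 -> 203.0.113.50:8080 proc=updater.exe pid=2044",
    "2013-10-11T18:10:05 TCP 192.168.1.10:49180 -> 203.0.113.9:443 proc=svchost.exe pid=1190",
    "2013-10-11T18:15:05 TCP 192.168.1.10:49190 -> 203.0.113.9:443 proc=svchost.exe pid=1190",
    "2013-10-11T18:20:05 TCP 192.168.1.10:49200 -> 203.0.113.9:443 proc=svchost.exe pid=1190",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) proc=(?P<proc>\S+) pid=(?P<pid>\d+)$"
)

# Assumed baseline for the quieted POS host (hypothetical process names):
# which process is still expected to talk to which destination port.
ALLOWED = {
    ("posapp.exe", 443),  # payment gateway over TLS
    ("posapp.exe", 445),  # store file server
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line):
    """Return a record dict for one flow line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["dport"] = int(rec["dport"])
    rec["pid"] = int(rec["pid"])
    return rec


def is_internal(ip):
    """True for RFC1918 destinations; traffic staying inside the store LAN is not 'sneaking out'."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def unexpected_flows(records):
    """Count outbound flows to external hosts whose (process, port) is not in the baseline."""
    counts = defaultdict(int)
    for r in records:
        if is_internal(r["dst"]) or (r["proc"], r["dport"]) in ALLOWED:
            continue
        counts[(r["proc"], r["dst"], r["dport"])] += 1
    return dict(counts)


def beacon_candidates(records, min_count=4, max_jitter=0.2):
    """Flag (process, destination, port) tuples contacted at near-regular intervals.

    A tuple is reported when it was seen at least min_count times and the
    relative spread of the gaps between contacts is at most max_jitter.
    """
    by_key = defaultdict(list)
    for r in records:
        by_key[(r["proc"], r["dst"], r["dport"])].append(r["ts"])
    found = []
    for (proc, dst, dport), stamps in by_key.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            found.append({"proc": proc, "dst": dst, "dport": dport,
                          "count": len(stamps), "interval_s": avg})
    return found


def triage(lines):
    """Parse exported flow lines and return (unexpected flow counts, beacon candidates)."""
    records = [r for r in map(parse_line, lines) if r]
    return unexpected_flows(records), beacon_candidates(records)


if __name__ == "__main__":
    unexpected, beacons = triage(SAMPLE_LOG)
    for (proc, dst, dport), n in sorted(unexpected.items()):
        print(f"unexpected: {proc} -> {dst}:{dport} ({n} flows)")
    for b in beacons:
        print(f"beacon candidate: {b['proc']} -> {b['dst']}:{b['dport']} "
              f"every {b['interval_s']:.0f}s ({b['count']} contacts)")
```

On the sample export the script reports the two processes that are not in the baseline, and singles out the one that checks in every five minutes; the one-off connection is listed but not called a beacon. The period check is deliberately loose (20% jitter) because real check-ins are usually randomized a little, and the allowlist is the part that has to be built per machine, by watching what the legitimate programs do before deciding what "quiet" looks like.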