Re: Aw: When some is infected?

[ToddAndMargo <ToddAndMargo () zoho com>]

On 10/11/2013 12:41 AM, Adam Pal wrote:
> Hi,
> sorry, i dont get it.
> What exactly are you asking about:
> 1. client security (including AV)?
> 2. scope of a Pentest (which should be clearly defined and performed by
> a trusted company)?
> 3. network security (you never mentioned a FW)?
> 4. heursitic surveliance (detecting malicious traffic)?

I am looking for malicious traffic coming from an otherwise
protected computer (AV).  AV's are not perfect.

> 5. honeypot?
> btw. how do you know or how do you ensure what programms exactly are
> producing traffic?
> Or how do you know that the ones which remain do not produce any traffic
> at all?
> To put it in a simple example: if my notebook has malicious code
> producing traffic, I confess that I have no idea how to isolate
> the malicious programm, knowing that also my windows produces traffic
> and if I compeltely shut down my notebook,
> there wont be no traffic at all.

I figure if I find malicious traffic, I will figure out
how to trace it down to the application when the time comes.
May have to erase and start over if AV's can't find the
malcontent.


> BR
> Adam Pal
> *Gesendet:* Freitag, 11. Oktober 2013 um 05:11 Uhr
> *Von:* ToddAndMargo <ToddAndMargo () zoho com>
> *An:* "security-basics () securityfocus com"
> <security-basics () securityfocus com>
> *Betreff:* When some is infected?
> Hi All,
>
> Since I sell Kaspersky and have had a lot of customers
> on it for years, I have learned that if something gets
> by Kaspersky, it is going to be a wild ride getting rid
> of it. (I get rid of them manually and/or run other
> vendors stuff at the computer.)
>
> Now a days, when I walk up to a protected computer,
> my thoughts are "maybe". Did something get past that is not
> being detected?
>
> Now I am thinking that a well crafted bad guy is
> going to get past "penetration testing" (PEN). Although
> find anything like this is not the scope of PEN
> testing, I am still thinking it would be ethical
> to see if any traffic is sneak out that is not suppose
> to be.
>
> So I was thinking that I should turn off all network
> traffic producing programs I know of on the POS computer,
> and just sit watching its outgoing traffic to make
> sure there is no bad guy Command and Control going on.
> Does this make sense to you?
>
> Is Wireshark the proper tool for this?
>
> Your thoughts always appreciated.
>
> -T


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------