Educause Security Discussion mailing list archives
Re: Win2003 Server, IPSEC & HackerDefender
From: Danny Lee <abqdan () UNM EDU>
Date: Tue, 10 Aug 2004 10:48:55 -0600
If not already available, after re-install make sure a basic image of the machine configured for your environment is created. Having a complete working image for production servers is essential if you are to recover quickly from this type of problem. Ghost or other equivalent programs can create a DVD copy of the system that can be restored in minutes.

-Danny

--------------------- CIRT System Notices ---------------------
Fast Info at http://fastinfo.unm.edu for:
* Knowledge Base Search
* Support Requests
* Campus Alerts/Status
* Network Alerts/Status
For information concerning CIRT projects, see http://www.unm.edu/cirt/projects/index.html
CIRT Support Center - 2701 Campus Blvd (by the parking structure)
Normal hours: Mon-Fri - 8:00am to 5:00pm
Extended hours (during semester): Mon-Thurs until 7pm
After hours emergencies: Call the CIRT Command Center at 277-4646.

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Weeks, Calvin W.
Sent: Tuesday, August 10, 2004 10:41 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Win2003 Server, IPSEC & HackerDefender

I would agree. Wipe the drive and start all over and change all passwords associated with the infected machine(s). This has been the only way that we have been able to remove H.D. Rootkit.

For the IPSEC configurations we use the NSA guides, and if sample configurations are needed, please request them from me at cweeks () ou edu. We have samples for most services.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Calvin Weeks, (CISSP), CISM, EnCE
~Director, OU Cyber Forensics Lab
~University of Oklahoma
~http://security.ou.edu

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.