Security Basics mailing list archives
Re: When some is infected?
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Fri, 25 Oct 2013 16:43:38 -0700
Hi! This is the ezmlm program. I'm managing the
security-basics () securityfocus com mailing list.

I'm working for my owner, who can be reached
at security-basics-owner () securityfocus com.

I'm sorry, the list moderators for the security-basics list
have failed to act on your post. Thus, I'm returning it to you.
If you feel that this is in error, please repost the message
or contact a list moderator directly.

--- Enclosed, please find the message you sent.

Re: When some is infected?.eml

Subject: Re: When some is infected?
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: 10/14/2013 04:13 PM
To: Predrag Petrovic <pedjap () gmail com>, "security-basics () securityfocus com" <security-basics () securityfocus com>
>> On 11 October 2013 06:11, ToddAndMargo <ToddAndMargo () zoho com
>> <mailto:ToddAndMargo () zoho com>> wrote:
>>
>> Hi All,
>>
>> Since I sell Kaspersky and have had a lot of customers
>> on it for years, I have learned that if something gets
>> by Kaspersky, it is going to be a wild ride getting rid
>> of it. (I get rid of them manually and/or run other
>> vendors' stuff at the computer.)
>>
>> Nowadays, when I walk up to a protected computer,
>> my thoughts are "maybe". Did something get past that is not
>> being detected?
>>
>> Now I am thinking that a well crafted bad guy is
>> going to get past "penetration testing" (PEN). Although
>> finding anything like this is not the scope of PEN
>> testing, I am still thinking it would be ethical
>> to see if any traffic is sneaking out that is not supposed
>> to be.
>>
>> So I was thinking that I should turn off all network
>> traffic producing programs I know of on the POS computer,
>> and just sit watching its outgoing traffic to make
>> sure there is no bad guy Command and Control going on.
>> Does this make sense to you?
>>
>> Is Wireshark the proper tool for this?
>>
>> Your thoughts always appreciated.
>>
>> -T

On 10/14/2013 01:46 AM, Predrag Petrovic wrote:
> Over the last few years I've worked on several projects regarding
> malware detection and removal. The best method I have developed is to
> install an antivirus solution, scan it and then monitor. Regarding
> monitoring, usually I deploy traffic monitoring solutions between the
> client workstation/notebook network and the rest of the infrastructure. The
> monitoring includes Wireshark and a set of custom developed scripts and
> software to monitor typical user behaviour and then apply filters to
> Wireshark to eliminate legitimate traffic.
>
> HTH.
>
> P.

Yes it does, thank you.

-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
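The approach discussed in this message (remove known legitimate traffic from a capture of the POS computer, then look at what remains) can be sketched as follows. This is an added example, not code from the thread: the host address, the allow list, the `epoch,src,dst,dst_port` line layout and all sample records are constructed assumptions, and the interval check for regularly timed connections goes one step beyond what the message describes.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: epoch_seconds,src_ip,dst_ip,dst_port.
# All addresses are documentation ranges, not real capture data.
SAMPLE = """\
1000.0,192.0.2.10,198.51.100.5,443
1012.0,192.0.2.10,203.0.113.77,8080
1030.0,198.51.100.5,192.0.2.10,51000
1072.0,192.0.2.10,203.0.113.77,8080
1100.0,192.0.2.10,203.0.113.9,53
1132.5,192.0.2.10,203.0.113.77,8080
1150.0,192.0.2.10,198.51.100.5,443
1192.0,192.0.2.10,203.0.113.77,8080
1252.0,192.0.2.10,203.0.113.77,8080
"""

POS_HOST = "192.0.2.10"  # assumed address of the monitored POS computer
# Assumed known-good destinations (e.g. payment processor, update servers).
ALLOWED = [ipaddress.ip_network("198.51.100.0/24")]

def unexplained(text, host=POS_HOST, allowed=ALLOWED):
    """Group outbound connections from host that no allow rule explains."""
    seen = defaultdict(list)
    for ts, src, dst, port in csv.reader(io.StringIO(text)):
        if src != host:
            continue  # only traffic leaving the monitored host
        if any(ipaddress.ip_address(dst) in net for net in allowed):
            continue  # legitimate traffic is filtered out
        seen[(dst, int(port))].append(float(ts))
    return dict(seen)

def looks_periodic(times, min_events=4, max_jitter=0.1):
    """True when gaps between connections are nearly constant."""
    if len(times) < min_events:
        return False
    gaps = [b - a for a, b in zip(times, times[1:])]
    return pstdev(gaps) <= max_jitter * mean(gaps)

def report(text):
    """Summarise each unexplained destination for manual review."""
    return {dest: {"count": len(ts), "periodic": looks_periodic(sorted(ts))}
            for dest, ts in unexplained(text).items()}

if __name__ == "__main__":
    for dest, info in report(SAMPLE).items():
        print(dest, info)
```

Every destination left in the report still needs a human decision: either it is added to the allow list as legitimate, or it is investigated.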