Security Basics mailing list archives

Re: When some is infected?


From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Fri, 25 Oct 2013 16:43:38 -0700



Hi! This is the ezmlm program. I'm managing the
security-basics () securityfocus com mailing list.

I'm working for my owner, who can be reached
at security-basics-owner () securityfocus com.

I'm sorry, the list moderators for the security-basics list
have failed to act on your post. Thus, I'm returning it to you.
If you feel that this is in error, please repost the message
or contact a list moderator directly.

--- Enclosed, please find the message you sent.


Re: When some is infected?.eml
Subject: Re: When some is infected?
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: 10/14/2013 04:13 PM
To: Predrag Petrovic <pedjap () gmail com>, "security-basics () securityfocus com" <security-basics () securityfocus com>

>> On 11 October 2013 06:11, ToddAndMargo <ToddAndMargo () zoho com
>> <mailto:ToddAndMargo () zoho com>> wrote:
>>
>>     Hi All,
>>
>>         Since I sell Kaspersky and have had a lot of customers
>>     on it for years, I have learned that if something gets
>>     by Kaspersky, it is going to be a wild ride getting rid
>>     of it.   (I get rid of them manually and/or run other
>>     vendors' stuff at the computer.)
>>
>>         Nowadays, when I walk up to a protected computer,
>>     my thoughts are "maybe".  Did something get past that is not
>>     being detected?
>>
>>         Now I am thinking that a well-crafted bad guy is
>>     going to get past "penetration testing" (PEN).  Although
>>     finding anything like this is not the scope of PEN
>>     testing, I am still thinking it would be ethical
>>     to see if any traffic is sneaking out that is not supposed
>>     to be.
>>
>>        So I was thinking that I should turn off all network
>>     traffic producing programs I know of on the POS computer,
>>     and just sit watching its outgoing traffic to make
>>     sure there is no bad guy Command and Control going on.
>>     Does this make sense to you?
>>
>>         Is Wireshark the proper tool for this?
>>
>>     Your thoughts always appreciated.
>>
>>     -T


On 10/14/2013 01:46 AM, Predrag Petrovic wrote:
> Over the last few years I've worked on several projects regarding
> malware detection and removal. The best method I have developed is to
> install an antivirus solution, scan it and then monitor. Regarding
> monitoring, usually I deploy traffic monitoring solutions between the
> client workstation/notebook network and the rest of the infrastructure. The
> monitoring includes Wireshark and a set of custom-developed scripts and
> software to monitor typical user behaviour and then apply filters to
> Wireshark to eliminate legitimate traffic.
>
> HTH.
>
> P.

Yes it does, thank you.  -T



--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
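The baseline-then-filter approach Predrag describes, combined with the original question's idea of watching a POS host's outbound traffic with known network-using programs shut down, as an added Python example that is not code from either poster: it learns an allowlist of destinations from a quiet-period capture, emits a Wireshark display filter that hides that legitimate traffic, and flags whatever remains, with a simple regular-interval check for beacon-like contacts. All addresses, ports and flow records are constructed.

```python
"""Baseline outbound flows from a host, then flag what the baseline does not explain."""
from collections import defaultdict
from statistics import pstdev

# Constructed sample flows: (time_s, dst_ip, dst_port, proto). In practice these
# would come from a tshark/Wireshark export of the POS host's outbound traffic.
BASELINE = [                              # captured with known programs shut down
    (0, "203.0.113.10", 443, "tcp"),      # payment processor (assumed legitimate)
    (5, "192.0.2.53", 53, "udp"),         # internal DNS resolver
    (30, "203.0.113.10", 443, "tcp"),
]
OBSERVED = [                              # a later capture from the same host
    (100, "203.0.113.10", 443, "tcp"),
    (110, "192.0.2.53", 53, "udp"),
    (120, "198.51.100.77", 8080, "tcp"),  # unknown destination, contacted every 60 s
    (180, "198.51.100.77", 8080, "tcp"),
    (240, "198.51.100.77", 8080, "tcp"),
    (300, "198.51.100.77", 8080, "tcp"),
]

def learn_allowlist(flows):
    """Set of (dst_ip, dst_port, proto) seen while only known software was running."""
    return {(ip, port, proto) for _, ip, port, proto in flows}

def wireshark_filter(allowlist):
    """Display filter that hides allowlisted destinations so only unexplained traffic shows."""
    clauses = [f"(ip.dst == {ip} && {proto}.dstport == {port})"
               for ip, port, proto in sorted(allowlist)]
    return "!(" + " || ".join(clauses) + ")"

def unexplained(flows, allowlist):
    """Flows whose destination is not in the allowlist, grouped by destination -> times."""
    groups = defaultdict(list)
    for t, ip, port, proto in flows:
        if (ip, port, proto) not in allowlist:
            groups[(ip, port, proto)].append(t)
    return dict(groups)

def looks_periodic(times, max_jitter=2.0):
    """True for 3+ contacts with near-constant spacing: a crude beaconing heuristic."""
    if len(times) < 3:
        return False
    gaps = [b - a for a, b in zip(times, times[1:])]
    return pstdev(gaps) <= max_jitter

if __name__ == "__main__":
    allow = learn_allowlist(BASELINE)
    print("Wireshark filter:", wireshark_filter(allow))
    for dst, times in unexplained(OBSERVED, allow).items():
        print(dst, "periodic" if looks_periodic(times) else "irregular", times)
```

The filter string can be pasted into Wireshark's display filter bar to hide the baseline traffic while sitting and watching the host, as the original post proposes.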


