Educause Security Discussion mailing list archives

Re: Win2003 Server, IPSEC & HackerDefender


From: Danny Lee <abqdan () UNM EDU>
Date: Tue, 10 Aug 2004 10:48:55 -0600

If not already available, after re-install make sure a basic image of the
machine configured for your environment is created. Having a complete
working image for production servers is essential if you are to recover
quickly from this type of problem. Ghost or other equivalent programs can
create a DVD copy of the system that can be restored in minutes.

-Danny



-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Weeks, Calvin W.
Sent: Tuesday, August 10, 2004 10:41 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Win2003 Server, IPSEC & HackerDefender

I would agree. Wipe the drive and start all over and change
all passwords associated with the infected machine(s). This
has been the only way that we have been able to remove H.D. Rootkit.
For the IPSEC configurations we use the NSA guides, and if
sample configurations are needed, please request them from me at
cweeks () ou edu. We have samples for most services.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Calvin Weeks, (CISSP), CISM, EnCE
~Director, OU Cyber Forensics Lab
~University of Oklahoma
~http://security.ou.edu


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.

