Educause Security Discussion mailing list archives
Re: SSNs, rootkits, Incident Response, etc...
From: John Tooley <jtooley () CSUN EDU>
Date: Thu, 6 Jul 2006 09:55:16 -0700
Very interesting. We (ISO) have been asked to run assessments on ALL (200+) servers in our environment after one of our systems was compromised. So we are trying to come up with a toolkit that scans for compromises (rootkits, Trojans, etc.) and has secure reporting abilities. One of the challenges is just finding tools that work on all our flavors... Windows, Unix (HP, Alpha), Linux, Solaris. And the greatest challenge is finding something straightforward enough to use so we can give this to our techs to run and they don't require a forensics background!

So where's the beta :)

JT

John R. Tooley, CISSP
Information Security Analyst
California State University, Northridge

-----Original Message-----
From: Gary Golomb [mailto:coach () GWU EDU]
Sent: Thursday, July 06, 2006 6:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SSNs, rootkits, Incident Response, etc...

Hi there all-

There have been a few threads touching on this over the past few months, so I figured I'd throw this out to the list...

We have a custom-developed application (not a script/wrapper) that performs incident response functions, searches for social security numbers, probes for kernel-level rootkits, searches for trojans commonly missed by virus scanners, encrypts/uploads reports, etc., etc.... See the attached file for more information. (Hopefully it goes through... If not, I'll make a follow-up post with more details...)

My questions are:
- Who else has something like this or is using something like it already?
- How much interest would others have in *really* using it?

Thanks in advance. Off list replies are fine with me...

-gary

------
Gary Golomb
Computer Forensics Engineer
ISS/Network Systems Security
801 22nd St NW Rm B204A
Washington, DC 20052
coach () gwu edu
http://home.gwu.edu/~coach
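The SSN search that Gary's tool performs is the piece most sites end up rebuilding for post-compromise data discovery; the Python below is an added example (not the tool itself and not from the thread) showing how to cut the false positives a bare nine-digit regex produces by rejecting area, group and serial values the SSA never issues. The sample text is constructed; the file paths are whatever the operator passes in.

```python
import re
from typing import List, Tuple

# Three, two and four digits; the backreference forces the same separator
# (dash or none) on both sides so phone-number fragments like 818-555-0100
# are not picked up. Lookarounds stop matches inside longer digit runs.
_SSN_RE = re.compile(r"(?<!\d)(\d{3})(-?)(\d{2})\2(\d{4})(?!\d)")


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Structural check: the SSA never issues these area/group/serial values."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:   # 000, 666 and 900-999 are never assigned
        return False
    if int(group) == 0 or int(serial) == 0:  # group 00 and serial 0000 are invalid
        return False
    return True


def find_ssns(text: str) -> List[Tuple[int, str]]:
    """Return (line number, normalised SSN) for every plausible hit in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in _SSN_RE.finditer(line):
            area, _, group, serial = m.groups()
            if plausible_ssn(area, group, serial):
                hits.append((lineno, f"{area}-{group}-{serial}"))
    return hits


def scan_file(path: str) -> List[Tuple[int, str]]:
    """Scan one file; undecodable bytes are skipped rather than aborting the run."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return find_ssns(fh.read())


# Constructed sample: one delimited hit, one undelimited hit, and several
# values that look like SSNs but fail the structural check or the pattern.
SAMPLE = """\
Student record: SSN 123-45-6789, phone 818-555-0100
Legacy export: 545678901 987654320
Bad data: 000-12-3456 and 666-01-0001
Masked: XXX-XX-1234
"""

if __name__ == "__main__":
    for lineno, ssn in find_ssns(SAMPLE):
        print(f"line {lineno}: {ssn}")
```

Reporting the line number rather than the surrounding text keeps the findings themselves out of the report that gets uploaded.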