Full Disclosure mailing list archives

Re: Removing Fired admins


From: gadgeteer () elegantinnovations org
Date: Fri, 13 Feb 2004 09:09:43 -0700

On Fri, Feb 13, 2004 at 09:02:28AM +0100, Volker Tanger (volker.tanger () detewe de) wrote:
> If you have to assume being compromised, re-install and re-configure all
> your systems starting from scratch and clean media (boot from CD,
> partition harddisc, format HD, install base system, ...) - 

I would amend that a person in such a position start with system(s) easily 
isolated.  Then with an established secure core grow it across the install 
base.  The initial core's function is monitoring and security based.  Then 
when one can reasonably ensure integrity going forward bring the gateway 
systems into the intranet into this core.  At this point control should be 
re-established over the environment and rebuilding those critical business 
systems makes sense.

Another message in this thread pointed out that this is more of a social 
issue than a technical one.  I essentially agree with this position.  
Exposition of social strategy is off-topic for this mailing list.
-- 
Chief Gadgeteer
Elegant Innovations

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

