Security Incidents mailing list archives

Re: Ramen


From: "Ryan W. Maple" <ryan () GUARDIANDIGITAL COM>
Date: Wed, 24 Jan 2001 12:47:52 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Wed, 24 Jan 2001, Russell Fulton wrote:

> On Mon, 22 Jan 2001 16:43:09 -0800 Dave Dittrich
> <dittrich () CAC WASHINGTON EDU> wrote:
>
> > > Matt, generally (well, actually 99.999% of the time), the rule is to
> > > totally reformat whenever there has been a root level compromise.
> > > Go to your old backups, restore from there.  Have a stiff drink, for
> > > that box is history.
> >
> > My rule #0 is get an image copy before doing your rule #1.
> > Yes, trying to "clean up" is nearly futile, but properly handling
> > the incident is important.
>
> I agree that this is desirable, however it is non trivial on most
> modern systems which don't have handy tapedrives etc.

I agree with that point, however, there is a threshold which should be
discussed.  If you are at home on your 56k PPP link (does anybody actually
have those anymore?) and somebody cracks your machine, it's generally not
something you are going to pursue.  If you are in any sort of
organization, then it is definitely something you will pursue.

I think any organization with some sort of security awareness will have
some sort of medium to save an image on, be it a tape drive, CD-R, or even
an extra hard drive sitting around somewhere.

Just my $.02.

Cheers,
Ryan

 +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
   Ryan W. Maple          "I dunno, I dream in Perl sometimes..."  -LW
   Guardian Digital, Inc.                     ryan () guardiandigital com
 +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6bxVLIwAIA9MpKWcRAukqAJwKZPuvXda6CT9tgV6R+wx1q3PnRgCdHJra
wTu9Kk75J3Rwcl8i4IBxI4s=
=68dG
-----END PGP SIGNATURE-----

