Security Basics
Re: When some is infected? Oct 12 2013 01:06AM
ToddAndMargo (ToddAndMargo zoho com)
On 10/11/2013 02:04 AM, Nicolas Mitchell wrote:
>
> On 11 Oct 2013, at 04:11, ToddAndMargo <ToddAndMargo (at) zoho (dot) com> wrote:
>
>> Hi All,
>>
>> Since I sell Kaspersky and have had a lot of customers
>> on it for years, I have learned that if something gets
>> by Kaspersky, it is going to be a wild ride getting rid
>> of it. (I get rid of them manually and/or run other
>> vendors stuff at the computer.)
>>
>> Nowadays, when I walk up to a protected computer,
>> my thoughts are "maybe". Did something get past that is not
>> being detected?
>
> The world is one of possibilities and probabilities.
>
> Things you might consider:
>
> Is the host OS and its applications fully patched? Have unnecessary applications been removed? Is the user able to install additional applications or otherwise make undesirable changes to the host's configuration? Are the user's web habits sensible; have they been given advice about sensible behaviour?
>
> In other words, have reasonable steps been taken to defend against known attacks/vulnerabilities?

Yes. But ....

>
>>
>> Now I am thinking that a well crafted bad guy is
>> going to get past "penetration testing" (PEN). Although
>> finding anything like this is not in the scope of PEN
>> testing, I am still thinking it would be ethical
>> to see if any traffic is sneaking out that is not supposed
>> to be.
>
> Penetration Testing is one thing, testing the integrity of hosts within a network is another. Maybe not a question of ethics but of customer care.
>

Agreed.

>>
>> So I was thinking that I should turn off all network
>> traffic producing programs I know of on the POS computer,
>> and just sit watching its outgoing traffic to make
>> sure there is no bad guy Command and Control going on.
>> Does this make sense to you?
>
> If you are responsible for this computer and you wish to verify its integrity, you might:
>
> - Wipe it and reinstall the OS and applications; enforce policies that prevent unauthorised changes.

As a last resort.

> - Clone it and analyse its behaviour at your leisure.

Now that is a clever idea!

> - Etc.

>>
>> Is Wireshark the proper tool for this?
>
> It's a tool; additional tools you might consider using are TCPView/netstat, etc.; Process Explorer, Autoruns, etc.

Thank you!
-T
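The approach discussed in this thread (quiet the host, watch what still goes out, and compare it against what a POS machine is supposed to talk to) can be made repeatable. The following Python script is an added example, not code from the original post or from any of the tools named in it. It takes a constructed log of outbound connections in the form you would get by scripting tcpdump or exporting a Wireshark conversation list, drops destinations on an allowlist of expected traffic, and flags any remaining destination that is contacted repeatedly at a regular, low-jitter interval, which is the timing signature of a command-and-control beacon. The allowlist entries, the host address, and the log format are assumptions made for the example.

```python
"""Triage of outbound connections from a (supposedly) quiet host.

Added example; not part of the original mailing-list post. It answers the
question "is anything sneaking out that is not supposed to?" by removing
known-good destinations and then looking for periodic contact with the rest.
"""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Expected outbound destinations for this hypothetical POS host. The
# addresses (documentation ranges) and their roles are assumptions.
ALLOWLIST = {
    ("198.51.100.10", 443): "payment gateway (assumed)",
    ("198.51.100.20", 80): "AV update server (assumed)",
}

# Constructed sample log, "<epoch> <src>:<sport> -> <dst>:<dport>" per line.
# Not captured from a real machine. 203.0.113.7 is hit every ~60 s, which is
# what a beacon looks like; 192.0.2.5 is a single one-off connection.
SAMPLE_LOG = """\
1381539600 192.168.1.50:49152 -> 198.51.100.10:443
1381539612 192.168.1.50:49153 -> 203.0.113.7:443
1381539672 192.168.1.50:49154 -> 203.0.113.7:443
1381539731 192.168.1.50:49155 -> 203.0.113.7:443
1381539792 192.168.1.50:49156 -> 203.0.113.7:443
1381539800 192.168.1.50:49157 -> 198.51.100.20:80
1381539852 192.168.1.50:49158 -> 203.0.113.7:443
1381539900 192.168.1.50:49159 -> 192.0.2.5:80
1381539912 192.168.1.50:49160 -> 203.0.113.7:443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)


def parse_log(text):
    """Yield (timestamp, dst_ip, dst_port) for each well-formed line.

    Malformed lines are skipped rather than aborting the run, so a
    partially garbled export still yields what it can.
    """
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m["ts"]), m["dst"], int(m["dport"])


def analyze(records, allowlist=ALLOWLIST, min_hits=4, max_cv=0.1):
    """Group connections by destination and score the non-allowlisted ones.

    A destination is marked periodic when it was contacted at least
    `min_hits` times and the coefficient of variation (stdev / mean) of
    the gaps between contacts is at most `max_cv`. Real beacons add jitter,
    so widen `max_cv` if a suspect falls just outside the threshold.
    """
    by_dest = defaultdict(list)
    for ts, ip, port in records:
        by_dest[(ip, port)].append(ts)

    findings = {}
    for dest, times in by_dest.items():
        if dest in allowlist:
            continue  # expected traffic; nothing to triage here
        times.sort()
        hits = len(times)
        if hits >= min_hits:
            gaps = [b - a for a, b in zip(times, times[1:])]
            avg = mean(gaps)
            cv = pstdev(gaps) / avg if avg else float("inf")
            periodic = cv <= max_cv
        else:
            avg, cv, periodic = None, None, False
        findings[dest] = {
            "hits": hits,
            "mean_interval": avg,
            "cv": cv,
            "periodic": periodic,
        }
    return findings


def suspects(findings):
    """Return the destinations that look like beacons, most frequent first."""
    flagged = [d for d, f in findings.items() if f["periodic"]]
    return sorted(flagged, key=lambda d: -findings[d]["hits"])


if __name__ == "__main__":
    result = analyze(parse_log(SAMPLE_LOG))
    for dest, info in result.items():
        print(f"{dest[0]}:{dest[1]}  hits={info['hits']}  "
              f"interval={info['mean_interval']}  periodic={info['periodic']}")
    print("suspects:", suspects(result))
```

Two caveats when using this against a real host. First, an unexpected destination with only one or two hits is not cleared by this check, only unranked; it still needs a look with netstat or TCPView to see which process owned the socket. Second, the allowlist has to come from the vendor documentation for the POS software, the payment processor and the AV product, not from whatever the machine is observed doing today, or a resident beacon would simply be allowlisted along with everything else.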


Copyright 2010, SecurityFocus