Security Basics
Re: When some is infected? Oct 12 2013 01:09AM
ToddAndMargo (ToddAndMargo zoho com)
On 10/11/2013 04:17 AM, BillV-Lists wrote:
> Hi Todd,
>
> I'm not sure I understand what you're asking for. When you walk up to a
> "protected" computer... are you talking about a system protected with
> Kaspersky?

Yes. And reasonable steps taken to protect it.

> And what do you mean "get past penetration testing"?

A crafty bad guy would not open ports to be detected
by nmap. They would only go out and make connections.
I was looking for a way to "snoop" on that traffic.

>
> Yes, wireshark would allow you to watch network traffic on a system.
> This could indicate signs of an infection or other software you don't
> want. If you're looking for something at the enterprise level, you'd
> probably want to take a look at something like FireEye or Damballa.
>
> Bill

Thank you!
-T

>
> On 10/10/2013 11:11 PM, ToddAndMargo wrote:
>> Hi All,
>>
>> Since I sell Kaspersky and have had a lot of customers
>> on it for years, I have learned that if something gets
>> by Kaspersky, it is going to be a wild ride getting rid
>> of it. (I get rid of them manually and/or run other
>> vendors' stuff at the computer.)
>>
>> Nowadays, when I walk up to a protected computer,
>> my thoughts are "maybe". Did something get past that is not
>> being detected?
>>
>> Now I am thinking that a well crafted bad guy is
>> going to get past "penetration testing" (PEN). Although
>> finding anything like this is not the scope of PEN
>> testing, I am still thinking it would be ethical
>> to see if any traffic is sneaking out that is not supposed
>> to be.
>>
>> So I was thinking that I should turn off all network
>> traffic producing programs I know of on the POS computer,
>> and just sit watching its outgoing traffic to make
>> sure there is no bad guy Command and Control going on.
>> Does this make sense to you?
>>
>> Is Wireshark the proper tool for this?
>>
>> Your thoughts always appreciated.
>>
>> -T
>>
>>
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
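
An added example, not part of the original thread: one way to review the outgoing connections recorded while the known network programs are stopped, as the thread proposes. It goes beyond the thread by also flagging destinations contacted at near-constant intervals. The CSV columns, the allowlist, the thresholds and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: epoch seconds, destination IP, destination port.
# Stands in for a capture exported while known network programs were stopped.
SAMPLE_CSV = """\
time,dst,dport
1000,203.0.113.7,443
1060,203.0.113.7,443
1121,203.0.113.7,443
1180,203.0.113.7,443
1241,203.0.113.7,443
1005,192.0.2.10,123
1350,198.51.100.20,80
1362,198.51.100.20,80
1900,198.51.100.20,80
"""

# Hypothetical allowlist of destinations the machine is expected to reach.
EXPECTED = {("192.0.2.10", 123)}  # assumed: the site's time server

def load_flows(text):
    """Group connection start times by (dst, dport)."""
    flows = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        flows[(row["dst"], int(row["dport"]))].append(float(row["time"]))
    return flows

def review(flows, expected=EXPECTED, min_conns=4, max_jitter=0.1):
    """Return (unexpected destinations, {periodic destination: mean gap})."""
    unexpected, periodic = [], {}
    for key, times in sorted(flows.items()):
        if key in expected:
            continue
        unexpected.append(key)  # anything off the allowlist needs explaining
        times = sorted(times)
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Near-constant spacing (stdev of gaps / mean gap) suggests a timer,
        # not a person; require min_conns so two hits are not called a pattern.
        if (len(times) >= min_conns and mean(gaps) > 0
                and pstdev(gaps) / mean(gaps) <= max_jitter):
            periodic[key] = mean(gaps)
    return unexpected, periodic

if __name__ == "__main__":
    print(review(load_flows(SAMPLE_CSV)))
```

A destination on the periodic list is only a lead: software updaters and time sync also call out on a timer, so each one still has to be traced to the process that made the connection.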

Copyright 2010, SecurityFocus