Security Basics
Re: When some is infected? Oct 25 2013 11:43PM
ToddAndMargo (ToddAndMargo zoho com)


Hi! This is the ezmlm program. I'm managing the
security-basics (at) securityfocus (dot) com [email concealed] mailing list.

I'm working for my owner, who can be reached
at security-basics-owner (at) securityfocus (dot) com. [email concealed]

I'm sorry, the list moderators for the security-basics list
have failed to act on your post. Thus, I'm returning it to you.
If you feel that this is in error, please repost the message
or contact a list moderator directly.

--- Enclosed, please find the message you sent.

Re: When some is infected?.eml
Subject: Re: When some is infected?
From: ToddAndMargo <ToddAndMargo (at) zoho (dot) com [email concealed]>
Date: 10/14/2013 04:13 PM
To: Predrag Petrovic <pedjap (at) gmail (dot) com [email concealed]>, "security-basics (at) securityfocus (dot) com [email concealed]" <security-basics (at) securityfocus (dot) com [email concealed]>

>> On 11 October 2013 06:11, ToddAndMargo <ToddAndMargo (at) zoho (dot) com [email concealed]
>> <mailto:ToddAndMargo (at) zoho (dot) com [email concealed]>> wrote:
>>
>> Hi All,
>>
>> Since I sell Kaspersky and have had a lot of customers
>> on it for years, I have learned that if something gets
>> by Kaspersky, it is going to be a wild ride getting rid
>> of it. (I get rid of them manually and/or run other
>> vendors' stuff at the computer.)
>>
>> Nowadays, when I walk up to a protected computer,
>> my thoughts are "maybe". Did something get past that is not
>> being detected?
>>
>> Now I am thinking that a well-crafted bad guy is
>> going to get past "penetration testing" (PEN). Although
>> finding anything like this is not in the scope of PEN
>> testing, I am still thinking it would be ethical
>> to see if any traffic is sneaking out that is not supposed
>> to be.
>>
>> So I was thinking that I should turn off all network
>> traffic producing programs I know of on the POS computer,
>> and just sit watching its outgoing traffic to make
>> sure there is no bad guy Command and Control going on.
>> Does this make sense to you?
>>
>> Is Wireshark the proper tool for this?
>>
>> Your thoughts always appreciated.
>>
>> -T

On 10/14/2013 01:46 AM, Predrag Petrovic wrote:
> Over the last few years I've worked on several projects regarding
> malware detection and removal. The best method I have developed is to
> install an antivirus solution, scan it and then monitor. Regarding
> monitoring, usually I deploy traffic monitoring solutions between the
> client workstation/notebook network and the rest of the infrastructure. The
> monitoring includes Wireshark and a set of custom-developed scripts and
> software to monitor typical user behaviour and then apply filters to
> Wireshark to eliminate legitimate traffic.
>
> HTH.
>
> P.

Yes it does, thank you. -T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
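
The approach discussed in this thread (watch a POS host's outgoing traffic and filter out what is known to be legitimate) can be sketched as follows. This is an added example, not code from the thread or its participants. The tab-separated flow format, all addresses and the allowlist are constructed assumptions.

```python
import ipaddress
import statistics
from collections import defaultdict

# Constructed sample flows: epoch_seconds, src_ip, dst_ip, proto, dst_port, bytes
SAMPLE_FLOWS = """\
1000\t192.168.10.50\t192.168.10.1\tudp\t53\t80
1002\t192.168.10.50\t198.51.100.20\ttcp\t443\t2400
1010\t192.168.10.50\t203.0.113.77\ttcp\t8080\t310
1070\t192.168.10.50\t203.0.113.77\ttcp\t8080\t305
1130\t192.168.10.50\t203.0.113.77\ttcp\t8080\t312
1131\t192.168.10.50\t192.168.10.1\tudp\t123\t76
1190\t192.168.10.50\t203.0.113.77\ttcp\t8080\t308
1200\t192.168.10.9\t192.0.2.5\ttcp\t80\t900
"""

# Hypothetical baseline of destinations this POS host is expected to contact.
ALLOWED = [
    (ipaddress.ip_network("192.168.10.1/32"), "udp", 53),    # local DNS resolver
    (ipaddress.ip_network("192.168.10.1/32"), "udp", 123),   # local NTP
    (ipaddress.ip_network("198.51.100.0/24"), "tcp", 443),   # payment processor
]

def is_allowed(dst, proto, port):
    addr = ipaddress.ip_address(dst)
    return any(addr in net and (proto, port) == (p, n) for net, p, n in ALLOWED)

def unexpected_outbound(flow_text, host):
    """Summarise flows sent by host to destinations outside the baseline."""
    seen = defaultdict(lambda: {"times": [], "bytes": 0})
    for line in flow_text.splitlines():
        ts, src, dst, proto, port, size = line.split("\t")
        if src != host or is_allowed(dst, proto, int(port)):
            continue
        entry = seen[(dst, proto, int(port))]
        entry["times"].append(float(ts))
        entry["bytes"] += int(size)
    report = {}
    for key, entry in seen.items():
        times = sorted(entry["times"])
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Evenly spaced connections (low spread in the gaps) deserve a closer look.
        regular = len(gaps) >= 3 and statistics.pstdev(gaps) <= 0.1 * statistics.mean(gaps)
        report[key] = {"count": len(times), "bytes": entry["bytes"], "regular": regular}
    return report

if __name__ == "__main__":
    for key, info in unexpected_outbound(SAMPLE_FLOWS, "192.168.10.50").items():
        print(key, info)
```

Anything left in the report is traffic the baseline does not explain. It still needs manual review in the capture itself before drawing conclusions.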

Copyright 2010, SecurityFocus