Jamie Riden
After an Exploit: mitigation and remediation
2006-07-24
Anonymous (1 replies)
Re: After an Exploit: mitigation and remediation
2006-09-01
Jamie Riden
Absolutely! I tended to invest heavily in NIDS as there were a fair number of servers not directly controlled by me. (And I was pretty sure the ones I did control were reasonably securely configured). Hence the need to do monitoring with a system I did control - snort usually. If you do own the box,...
[ more ] [ reply ]
After an Exploit: mitigation and remediation
2006-07-27
Alex Major (1 replies)
I cannot disagree enough with the usefulness of renaming perl/curl/wget/tftp. Not only is this looking for trouble on your system stability, but it's pretty useless as you will never be able to enumerate accurately and exhaustively the binaries that could be used against you on your system. It's ser...
[ more ] [ reply ]
Re: After an Exploit: mitigation and remediation
2006-09-01
Jamie Riden
It's not a solution for every box. Personally, I uninstall ssh, telnet, ftp, etc. if unneeded on production boxes and I've never had any issues with system stability. What package management system are you using?
It's part of the usual, "if you don't need functionality X, remove it" approach. Be...
[ more ] [ reply ]

Integrity monitoring, I found ossec [ http://www.ossec.net ] to be much more useful than tripwire or aide and it also does rootkit detection and log analysis...
[ more ] [ reply ]