Moderator note: Compromised Windows Server thread Jun 07 2006 12:05AM
Jesse Gough (jgough securityfocus com)
Hello list,

To save us from rehashing what comes up fairly frequently on Incidents,
I ask that replies to this thread (and future incident response threads
for that matter) focus specifically on details of the incident in question.

Two clashing schools of thought are, "wipe clean and reinstall from
known-good sources" and those that oppose this, with the belief that
proper disinfection is possible. There are plausible theoretical and
practical arguments for both sides (and personally, I am an advocate of
the former, which if proper backup/recovery procedures are in place as
they should be, the expense incurred is relatively minimal), but these
should not be introduced into every new thread. Perhaps if there is
enough interest, a thread dedicated to sound incident handling
procedures could be started.

For general incident response practices, I recommend the recent thread
(Jan 2006), "REVIEW: Incident Reponse", Douglas Schweitzer", which
discussed said book and eventually other books and resources as well.



This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29. August 3 in Las Vegas.
World renowned security experts reveal tomorrow.s threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus