I believe Carolyn Meinel is for hire as a security auditor.



:)

-----Original Message-----
From: Frank Knobbe [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 01, 1999 7:07 AM
To: 'John O. K.'; [EMAIL PROTECTED]
Subject: RE: Hacking Contest ?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: John O. K. [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 01, 1999 7:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Hacking Contest ?
> 
> [...]
> First and foremost.  Make a complete backup of the system prior to release
> of the IP.  Store this offsite.  After letting the week or two go by take
> all input provided (if any) by the attackers and all logs you have (because
> you will be logging to the fullest, right?) and compile a report.  Then take
> the system off line and completely restore from that backup.  While keeping
> it offline start to implement the fixes/patches/upgrades that you now KNOW
> need to be added.  True you may not get everything, but all
> trojans/backdoors that may have been introduced will now be gone and
> hopefully many of the potential vulnerabilities will be closed down.


How can you be sure that if the system was compromised, it wasn't used
as a jump point to others? Just because you ask to hack only 'that
one' machine doesn't mean that the hackers will. The risk is too high
that they hack the system, jump to the next one, maybe even slip
through the firewall following now accessible rules/paths.

If you do such a contest, get another ISP line in (with a different
ISP, make sure you don't use the same contact info for the domain
record as your existing domain). Set up only that one system on that
line. Do not connect it to anything else. Benefit of having the
separate ISP line is that you can cancel it after the contest is done,
so all 'late comers' won't be hitting your real site. And of course
since no connectivity to your network exists, no risk of jumping is
present. Just be aware of viruses and trojans.

I would not immediately restore the system. You probably want to run a
compare to see what changed (why is fpnwclnt.dll so much longer now?
;)

The additional risk is (as stated earlier I believe) that it might be
construed that you provide hackers a platform for attacks to other
systems. If I remember correctly, people have lost court battles
because they failed to provide adequate security measures to secure
their systems, which were used for attacks on others. So, while you do
try to provide a high level of security, an invitation to hack your
system may not look very good in court...


Regards,
Frank


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2
Comment: PGP encrypted email preferred

iQA/AwUBNwOLlylma9DCzQQeEQKkwgCgwknKvT8CCja2bom3ycvfUvS6GgoAoJa6
XX3fq/Y1dhkPxbOGuw34oJQm
=Ch2R
-----END PGP SIGNATURE-----
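
The compare step suggested above (diff the post-contest system against the pre-contest backup before restoring), as an added example that is not part of the original thread. The function names, directory layout and sample files are assumptions constructed for illustration; only the file name fpnwclnt.dll comes from the message.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root) to (size, SHA-256 hex digest)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (os.path.getsize(full), digest.hexdigest())
    return manifest

def compare_trees(baseline_root, suspect_root):
    """Report files added, removed, or changed (with size delta) since the baseline."""
    base = build_manifest(baseline_root)
    live = build_manifest(suspect_root)
    # A changed hash with delta 0 is a same-size replacement; a size check alone misses it.
    changed = sorted(
        (path, live[path][0] - base[path][0])
        for path in base.keys() & live.keys()
        if base[path][1] != live[path][1]
    )
    added, removed = sorted(live.keys() - base.keys()), sorted(base.keys() - live.keys())
    return {"added": added, "removed": removed, "changed": changed}

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample: a pre-contest backup tree and a post-contest copy of it."""
    with tempfile.TemporaryDirectory() as base, tempfile.TemporaryDirectory() as live:
        _write(base, "system32/fpnwclnt.dll", b"A" * 100)
        _write(base, "system32/example.dll", b"B" * 200)
        _write(base, "system32/old.log", b"x")
        _write(live, "system32/fpnwclnt.dll", b"A" * 100 + b"C" * 40)  # grew by 40 bytes
        _write(live, "system32/example.dll", b"Z" * 200)  # same size, new content
        _write(live, "system32/extra.exe", b"new")
        return compare_trees(base, live)

if __name__ == "__main__":
    print(demo())
```

Run the comparison from a trusted machine against the offline disk or a mounted image of it, since tools on a compromised system can misreport file contents.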
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]