On Wed, 1 Nov 2000, Tom Laurie wrote:
> They got a call from ATT Broadband yesterday saying that their computer
> was being used to hack into other computers and sure enough, when you
> reboot their server it says Zombie at some point.

Wipe the drives and reinstall the system.
Unless you have an offline copy of an Intrusion Detection System, that is
the only way to ensure system integrity after a compromise.

> Once it is off, how can I protect against it ?

Keep your security updates up to date. Most distributions/vendors have a
security updates web page and/or mailing list.

Use strong passwords.

Do not use unencrypted channels for anything other than anonymous access.

Keep the number of people with privileged accounts to a minimum.

Turn off unnecessary services.

Understand the services you are running, the configuration you are using,
and the security implications thereof. This takes the most time,
unfortunately, but generally leads to the best security. In an ideal world,
with ideal vendors, this would not be necessary. But this is not an ideal
world.

BTW, these rules are not specific to Linux, or even Unix. They apply
regardless of the software you are running.

--
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18 Fax: (978)499-7839