On Wed, Feb 28, 2001 at 10:15:13AM +1100, Umar Goldeli wrote:
> > Removing binaries just means the attackers have to get them in via
> > some other means.
>
> Indeed. You're buying time. Time is good. If your attacker can't readily
> telnet, ftp, ssh, scp, rcp, wget, lynx etc - he's going to have to try
> much harder. And what also happens if there's no compiler on the box?
There's no C compiler (but they could upload bins I suppose) but there is
perl, I'll have to check if perl is needed.
> better yet, your border router acls do not allow connections ORIGINATING
> from your firewall outbound?
Unfortunately, at the moment it has a proxy running.
> Agreed thoroughly about the turn off all listening services bit. :)
Sorry, did you say something?
> As for logging - the safest way to keep logs is to have a serial printer
> attached to your console and dump it all on to paper and focus on physical
> security of the box. Do what the military does... not very practical, but
> once written, your logs are there forever. ;)
Printers run out of paper (printer DoS), with some printers you can reverse
the paper back and write over stuff making it unreadable.
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug