Re: [Hampshire] Server Security

Author: James Courtier-Dutton
Date:  
To: rogermunford, Hampshire LUG Discussion List
Subject: Re: [Hampshire] Server Security
Roger,

Try to come up with action plans for when a crack attack succeeds.
1) Try to plan the quickest way to recover from a crack attack. I
would recommend using a virtual machine that you can take snapshots of
so you can do periodic offline integrity scans on it. I.e. don't do
the offline scan for rootkits; scan for anything that has changed or
is new. Treat the web machine as a sacrificial host.
2) Use a separate machine to do packet (capture only, no packet
inspection) capture of all network traffic between the internet and
your web server. Ensure the entire packet is captured.
This will let you find out how the hack was done or at least give a
contractor the data needed to diagnose the problem.

3) Once you have these plans in place, you can then go about hardening
the web server itself, and finally link it to the internet.


2009/3/24 Roger Munford <rogermunford@???>:
> Thanks for all your advice. There is a lot to work through but I am
> grateful for the practical advice.
>
> One of the joys? of working with computers is getting something working
> and seeing a benefit. Sometimes you can achieve something with only a
> vague idea of what you are doing. Unfortunately these days you have to
> be on top of the game and there seem to be so many vulnerabilities to
> know about.
>
>
> Roger
>
> --
> Please post to: Hampshire@???
> Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
> LUG URL: http://www.hantslug.org.uk
> --------------------------------------------------------------
>
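
An added example, not part of the original message: one way to do the "scan for anything that has changed or is new" check from point 1, assuming the VM snapshot is mounted read-only on a separate machine and the baseline manifest is kept off the web server. The function names and the sample tree are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def manifest(root):
    """Map each path under root to (type, mode, uid, gid, content)."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):  # symlinks are not followed
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode):
                h = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        h.update(chunk)
                content = h.hexdigest()
            elif stat.S_ISLNK(st.st_mode):
                content = os.readlink(full)  # a retargeted link counts as a change
            else:
                content = ""  # directories, devices, sockets: metadata only
            entries[os.path.relpath(full, root)] = (stat.S_IFMT(st.st_mode),
                stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, content)
    return entries

def diff(baseline, current):
    """Report everything new, changed or removed, not just known-bad files."""
    both = set(baseline) & set(current)
    return {"new": sorted(set(current) - set(baseline)),
            "changed": sorted(p for p in both if baseline[p] != current[p]),
            "removed": sorted(set(baseline) - set(current))}

def demo():
    """Constructed sample: a tiny web root before and after modification."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "cgi-bin"))
        for rel in ("index.html", "robots.txt", "cgi-bin/form.cgi"):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"original " + rel.encode())
            os.chmod(os.path.join(root, rel), 0o644)
        baseline = manifest(root)  # in practice, stored off the web server
        with open(os.path.join(root, "index.html"), "ab") as fh:
            fh.write(b" modified")                               # content change
        os.chmod(os.path.join(root, "cgi-bin/form.cgi"), 0o755)  # mode change only
        with open(os.path.join(root, "cgi-bin/new.cgi"), "wb") as fh:
            fh.write(b"new file")
        os.remove(os.path.join(root, "robots.txt"))
        return diff(baseline, manifest(root))

if __name__ == "__main__":
    print(demo())
```

Timestamps are left out of the comparison on purpose, since they are easy to reset; content hashes, ownership and permission bits are what the diff relies on.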