[lug] i got hacked
Harris, James
James_Harris at maxtor.com
Fri Apr 19 10:55:32 MDT 2002
Yes, I'd agree that you want to focus some time in the configuration of it,
however, I think what I've always shot for on systems like this is
kiddie/cracker prevention and detection as opposed to full-on hacker
prevention.
I think it all depends on what your goals are. If you want to try to
prevent the "real" hackers, you're going to invest a tremendous amount of
time and energy. If you want simply to filter out the 90% mark, then I
think you can get a good balance of security and time using tools like
Tripwire.
My two cents...
-----Original Message-----
From: Bear Giles [mailto:bgiles at coyotesong.com]
Sent: Friday, April 19, 2002 10:25
To: lug at lug.boulder.co.us
Subject: Re: [lug] i got hacked
> One final piece of advice when you rebuild, install tripwire. All of
> the firewall recommendations, combined with wrappers, log sentry (log
> check) will help prevent it from happening again, but tripwire will
> let you know if it _does_ happen again.
If tripwire isn't installed properly, it can give you a false sense of
security. In a situation like this you *must* use media which is physically
read-only - a knowledgeable attacker would simply update your tripwire
database if it's not on read-only media (not just a read-only partition or
file).
Bear
_______________________________________________
Web Page: http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
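
Added example, not part of the original thread and not Tripwire's own code: a hash-only integrity checker that stands in for the Tripwire database, showing why the baseline discussed above has to live where the monitored host cannot rewrite it. The file names, contents and the "offline" copy (an in-memory dict standing in for read-only media) are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict[str, str]:
    """Map each file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report files modified, added or removed relative to the baseline."""
    return {
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo() -> tuple[dict, dict]:
    """Constructed scenario: the same changes checked against two baselines."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"original login binary")  # constructed
        (root / "bin" / "ls").write_bytes(b"original ls binary")        # constructed

        offline_baseline = snapshot(root)          # stands in for the read-only media copy
        on_host_baseline = dict(offline_baseline)  # writable copy left on the system

        # Compromise: one binary is replaced, one file appears, and the writable
        # baseline is regenerated so that it matches the altered system.
        (root / "bin" / "login").write_bytes(b"replaced login binary")
        (root / "bin" / "extra").write_bytes(b"unexpected file")
        on_host_baseline = snapshot(root)

        current = snapshot(root)
        return compare(on_host_baseline, current), compare(offline_baseline, current)


if __name__ == "__main__":
    on_host, offline = demo()
    print("writable on-host baseline:", on_host)
    print("read-only offline baseline:", offline)
```

The check against the writable baseline comes back clean, while the same check against the untouched copy reports the replaced and added files.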