hi joaquin
what kind of hacker/attacker are you trying to defend against??
- independent of that... there are things you can do to "cover your butt"
- tracking down the culprit is probably gonna be a fulltime job when they get into your box
- counter measures/preparation
  - make backups of all your "important systems"
  - no user login accts on the web/ftp servers
  - use a 2nd backup server that automatically or periodically updates the real ftp/web servers
  - find the contact info for your ISP, cert.org, etc and other security agencies
    - search for "cert, incidence reporting, etc"
  - harden your servers to minimize the chance that they can get into your systems
  - implement intrusion detection
- if you are processing sensitive data like credit card information, medical, insurance processing, checks, etc
  - hire a professional security firm w/ liability insurance
  - hire one to audit and check all aspects of your systems
  - hire a different one to help defend your systems
- if they do get in... i say let them stay in for a few minutes... so that you can track them down... and find a pattern... gather as much evidence as you can and call the local computer crime squad of your local police dept or FBI if it's a federal/interstate issue
  - it was fun once... to erase their files while they were live in the system... then they went away...
  - nothing you can do about malicious hackers that want to "rm -rf / " into your system once they become root..
  - well at least that tracking takes a lot more effort
have fun linuxing
alvin
http://www.Linux-Sec.net
On Tue, 8 May 2001, Joaquin Tejada wrote:
> Hi all,
>
> I've been asked to make a plan on how to deal if we get hacked. For example,
> what if our web or ftp got hacked - what are the steps we should follow or do
> to catch or trace the culprit and how to prevent it from happening again.
> Who should we report it to? Our web and ftp servers are in a dmz zone and
> only http and ftp services are allowed. Thanks in advance.
>
> Regards,
> Joaquin
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>