On Fri, Feb 13, 2004 at 09:02:28AM +0100, Volker Tanger ([EMAIL PROTECTED]) wrote:
> If you have to assume being compromised, re-install and re-configure all
> your systems starting from scratch and clean media (boot from CD,
> partition harddisc, format HD, install base system, ...) -

I would amend that a person in such a position start with system(s) easily isolated. Then with an established secure core grow it across the install base. The initial core's function is monitoring and security based. Then when one can reasonably ensure integrity going forward bring the gateway systems into the intranet into this core. At this point control should be re-established over the environment and rebuilding those critical business systems makes sense.

Another message in this thread pointed out that this is more of a social issue than a technical one. I essentially agree with this position. Exposition of social strategy is off-topic for this mailing list.

--
Chief Gadgeteer
Elegant Innovations

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html