> > --
> > Jason Dixon, RHCE
>
> *sigh* I guess RHCE doesn't delve into the security aspects then eh?
Look, I never intended to start a flame war or anything. There are times and places where each approach has its merits. In my case, where I am a member of a military CERT, we have to be absolutely sure that our systems are secure. This means that we have a rather involved response protocol, and part of it is retaining evidence, as Jason alluded to. You also have to remember that we are forbidden from attempting to "trap" a hacker, since we are not law enforcement.

So, basically, we will shut down the system and disconnect it from the network. Then we'll make a full image of the drive, when possible, for forensic analysis. Then we'll boot from a known-good CD to run some checks, etc. When you are dealing with national security, it's not exactly "small/home office" applications. I agree that it is labor intensive. But if you are going to do security, the Department of Defense tells us military CERTs to "do it right or get the hell out of the way so somebody else can".

Ben

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
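The "image the drive, then verify" step Ben describes is the part of the procedure that is easiest to get wrong in a way that quietly spoils the evidence. The script below is an added illustration, not code from the post or from any CERT procedure: it makes a bit-for-bit copy with `dd`, hashes source and image, records both in a custody log, and lets you re-check the image against that log later. The function names (`make_evidence_source`, `image_and_verify`, `verify_against_log`) are hypothetical, and a constructed regular file stands in for the seized block device (which you would normally read from the known-good boot media, never from the suspect system's own tools).

```shell
#!/bin/sh
# Added example: forensic imaging with hash verification and a custody log.
# A constructed file stands in for a real block device such as /dev/sdb.

# hash_file FILE: print the SHA-256 of FILE (coreutils or BSD fallback).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# make_evidence_source DIR: build a constructed stand-in for a seized drive.
# It is sized to a whole number of 512-byte sectors, as a real device is,
# so that conv=sync padding below does not alter the copy.
make_evidence_source() {
    dir="$1"
    mkdir -p "$dir"
    dd if=/dev/zero of="$dir/drive.img" bs=512 count=16 2>/dev/null
    # write a recognisable marker at offset 0 without truncating the file
    printf 'constructed sample disk content' \
        | dd of="$dir/drive.img" conv=notrunc 2>/dev/null
    printf '%s\n' "$dir/drive.img"
}

# image_and_verify SRC DST LOG: copy SRC to DST with dd, hash both sides,
# append a timestamped custody entry. Returns 0 only if the hashes match.
image_and_verify() {
    src="$1"; dst="$2"; log="$3"
    # noerror,sync: keep reading past bad blocks on a damaged drive and
    # zero-fill them, so offsets in the image still match the original.
    dd if="$src" of="$dst" bs=4096 conv=noerror,sync 2>/dev/null || return 1
    src_hash=$(hash_file "$src")
    dst_hash=$(hash_file "$dst")
    {
        printf 'date=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        printf 'source=%s sha256=%s\n' "$src" "$src_hash"
        printf 'image=%s sha256=%s\n' "$dst" "$dst_hash"
    } >> "$log"
    [ "$src_hash" = "$dst_hash" ]
}

# verify_against_log IMG LOG: re-hash IMG and compare with the hash that was
# recorded for it at acquisition time (the check an analyst repeats later).
verify_against_log() {
    img="$1"; log="$2"
    logged=$(grep -F "image=$img " "$log" | tail -n 1 | sed 's/.*sha256=//')
    [ -n "$logged" ] && [ "$logged" = "$(hash_file "$img")" ]
}

# Demo run on the constructed stand-in (real use: SRC is the device node).
demo_dir=$(mktemp -d)
demo_src=$(make_evidence_source "$demo_dir")
if image_and_verify "$demo_src" "$demo_dir/evidence.dd" "$demo_dir/custody.log"; then
    echo "image verified; custody log at $demo_dir/custody.log"
else
    echo "hash mismatch: image is not usable as evidence" >&2
fi
```

The log is deliberately append-only and written by the same run that produced the image, so a later `verify_against_log` failure points at either a corrupted image or a tampered log, both of which are worth knowing before anyone draws conclusions from the copy.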