[Ilugc] Learning on backup systems
Last weekend, I had a great learning about backups from one of our customers.

We had a few servers attacked by rootkits. A few binaries were installed on 5 servers and they started to consume network bandwidth heavily. A new mail server was installed recently and it started to send spam mails. We missed hardening the mail server as it was a test mail server and we thought of keeping it alive for a week only. These issues were reported by the network monitoring team.

After trying to clean the rootkit-attacked servers, we realised that it is better to reinstall the entire OS, hoping to restore the data from backup. We reinstalled all the servers. Then we checked for the backups to restore. But we found that the disks of the backup server had filled up 1 month ago. We missed noticing that. There was no monitoring client on that backup server. :-(

We restored the available data and are trying to collect the lost data from users' machines and other servers.

Lessons learned:

1. Don't destroy existing servers without checking the backups.
2. Don't miss out any server from the eyes of the monitoring system.
3. Run mock runs for restoring data from backup often.
4. Do the hardening of any server as the first task after installation, even though the server is for one day's use.
5. Set up intrusion detection systems for critical servers. I thought it was boring and not an essential one. But understood the importance of them.
6. Having multiple backup servers is really good. It is not a waste of money or effort. It can help in hard times.

Though we know about these already, unless we suffer, we don't realise the effects. Requesting all the sys admins to make sure about their backup systems and security. Good backup and security systems will give you peace of mind and reduce high tensions.

___
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
ILUGC Mailing List Guidelines: http://ilugc.in/mailinglist-guidelines
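A restore drill of the kind lessons 1 to 3 call for, added here as an example that is not part of this post or the ILUGC thread: it checks how full the volume holding the backups is (the check that was missing on the backup server) and verifies a test restore against a checksum manifest, so a truncated or stale archive is caught before any server is wiped. The 80% threshold, the file layout and the sample data are constructed; GNU coreutils (df -P, sha256sum) and tar are assumed.

```shell
#!/bin/sh
# Added example, not from the thread: a free-space check for the backup volume
# plus a restore drill that verifies the unpacked files against a sha256
# manifest. MAX_USED_PCT is a hypothetical default; GNU coreutils and tar assumed.
: "${MAX_USED_PCT:=80}"

# Percent used of the filesystem that holds $1 (column 5 of df -P).
disk_used_pct() {
    df -P "$1" | awk 'NR == 2 { sub("%", "", $5); print $5 }'
}

# 0 if the volume holding $1 is under the threshold, 1 if it is (nearly) full.
# Run from cron on the backup host, this flags a filling disk before it is full.
check_backup_space() {
    used=$(disk_used_pct "$1")
    [ "$used" -lt "$MAX_USED_PCT" ]
}

# Restore drill: unpack the archive into a scratch directory and verify every
# file against the manifest written at backup time. 0 only if all files match.
restore_drill() {
    archive="$1"; manifest="$2"
    scratch=$(mktemp -d) || return 1
    if tar -xzf "$archive" -C "$scratch" 2>/dev/null &&
       ( cd "$scratch" && sha256sum -c --quiet - ) < "$manifest" >/dev/null 2>&1
    then status=0; else status=1; fi
    rm -rf "$scratch"
    return "$status"
}

# Build a small constructed backup (archive + manifest) under $1 for the drill.
make_sample_backup() {
    mkdir -p "$1/src/etc"
    printf 'hostname=mail-test\n' > "$1/src/etc/sample.conf"
    printf 'constructed sample payload\n' > "$1/src/etc/notes.txt"
    ( cd "$1/src" && find . -type f | sort | xargs sha256sum ) > "$1/MANIFEST.sha256"
    tar -czf "$1/backup.tar.gz" -C "$1/src" .
}

# Self-test on constructed data: ./drill.sh --self-test
if [ "${1:-}" = "--self-test" ]; then
    work=$(mktemp -d)
    make_sample_backup "$work"
    check_backup_space "$work" || echo "WARN: volume over ${MAX_USED_PCT}% used"
    restore_drill "$work/backup.tar.gz" "$work/MANIFEST.sha256" && echo "restore drill OK"
    rm -rf "$work"
fi
```

For a real drill, point restore_drill at the newest archive and its manifest on the backup host and alert when it returns non-zero; a drill that passes only proves that one archive, so schedule it against each server's backup in turn.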
Re: [Ilugc] Learning on backup systems
On 23/12/15 19:34, Shrinivasan T wrote:
> 5. Setup intrusion detection systems for critical servers. I thought it was
> boring and not an essential one. But understood the importance of them.

But probably not on any of those critical servers themselves. If you have a switch on your network with a sniffer port, I would connect to that. Also, operate a DMZ. Use firewalls on everything (so a perimeter firewall as well as firewalling between your hosts). If someone is going to compromise you, then compromising further hosts should be made as difficult as possible.

I recommend Suricata + Snorby as a good way to do the IDS bit.

Oh, and once all your hardening and security setup is done, challenge someone to pen test it. I'll do it if you want :)
Re: [Ilugc] Monthly meet ILUG-C - Saturday, December 19, 2015, 1500 IST
Hi,

--- On Wed, Dec 23, 2015 at 1:48 PM, Shakthi Kannan wrote:
| We shall change the topic from "Project Euler" to something else in the new year.
--

Awesome, looking forward to it. Awaiting more volunteers to actively participate and engage on the same.
Re: [Ilugc] Monthly meet ILUG-C - Saturday, December 19, 2015, 1500 IST
Hi,

--- On Sun, Dec 20, 2015 at 6:22 AM, Bala Kumar wrote:
| Members who were present today for the session here is the link to Kibana
| instance which has our archive data.
--

This is good work. We have slowly moved from solving Euler problems into taking up community projects. We shall change the topic from "Project Euler" to something else in the new year.

Thanks!

SK

--
Shakthi Kannan
http://www.shakthimaan.com