Donald S. Doyle <dsdo...@gemcc.com> wrote:

> So every time a system gets rooted, the best thing to do is start fresh 
> either with a replacement device or a clean install?

Yes.
The ideal situation is you wipe it and recreate it from scratch - that is the 
only 100% guaranteed way to avoid having had anything left behind of a 
compromise. Bear in mind that some of the more sneaky malware goes to great 
lengths to make it hard to find.

But, that's the ideal world.
In the real world, you may not be in a position to just do that - for example, 
if it's been a couple of years since you set it up you will have several issues:
1) You won't be able to remember exactly what you had set up and how it was set 
up
2) The software may well have moved on and the original versions are no longer 
available for download - though this is an opportunity to upgrade !
So it's a case of cleaning up and removing what's been installed. This needs a 
certain level of skill to identify what's been installed and how. If you can't 
figure out HOW it got in, then you don't know what holes you have to plug.

But this shows a good reason why it's a good idea to have a border router which 
does the bare minimum, has the bare minimum of software installed, and is 
locked down tighter than a duck's backside (which by anecdote is watertight). 
These days it's easy to run multiple virtual machines on one PC/server - and 
thus have a small virtual machine dedicated to being your router/firewall.

It's also a good idea to have firewall rules which "block everything, permit 
what you want" - especially to/from your firewall. That way, if (say) a hacker 
is able to compromise a forum package on the webserver and install his "stage 
1" software kit, it won't be able to make any outbound connections to get 
instructions/download further code/upload results - thus making the 
installation impotent.


The glib and simplistic thing to say is that no-one should be doing this sort 
of stuff if they don't understand all this - and that's what you'll hear from 
some quarters. In the real world, we don't all have the budget to employ 
security professionals to vet our home/small business setups - so we have to do 
the best we can.


There is one thing that comes to mind. You said that "It appears that apps are 
getting installed on the router without my knowing ... I cannot find any 
evidence of it." How do you know they are installed if you can't find any 
evidence?


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
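A Shorewall configuration showing the "block everything, permit what you want" policy described in the reply above, including the restrictions on the firewall itself; this is an added example, not configuration from the original thread or from the Shorewall project. It assumes zones named net, loc and dmz are already defined in the zones and interfaces files, that the web server is 10.0.1.10 in the DMZ, and that 192.168.1.10 is the admin workstation.

```conf
# /etc/shorewall/policy  (assumed zones: net, loc, dmz; $FW is the firewall itself)
#SOURCE   DEST    POLICY   LOG_LEVEL
# Default-deny in every direction, logged, so anything not explicitly
# permitted in the rules file is dropped and shows up in the kernel log.
$FW       all     DROP     info
dmz       all     DROP     info
net       all     DROP     info
all       all     REJECT   info

# /etc/shorewall/rules
#ACTION   SOURCE             DEST            PROTO   DPORT
# The firewall itself may only resolve names and sync its clock outbound.
ACCEPT    $FW                net             udp     53
ACCEPT    $FW                net             tcp     53
ACCEPT    $FW                net             udp     123
# Only the admin workstation (assumed 192.168.1.10) may SSH to the firewall.
ACCEPT    loc:192.168.1.10   $FW             tcp     22
# The public web server in the DMZ (assumed 10.0.1.10) is reachable on 80/443 only.
ACCEPT    net                dmz:10.0.1.10   tcp     80,443
ACCEPT    loc                dmz:10.0.1.10   tcp     80,443
# The DMZ may resolve names and nothing else outbound: a compromised forum
# package on the web server cannot fetch further code or phone home, and the
# attempt is logged by the dmz -> all DROP policy above.
ACCEPT    dmz                net             udp     53
ACCEPT    dmz                net             tcp     53
# Workstations get ordinary web and DNS access to the Internet.
ACCEPT    loc                net             tcp     80,443
ACCEPT    loc                net             udp     53
```

Run `shorewall check` before `shorewall restart`; blocked outbound attempts from the DMZ or from the firewall itself then appear in the kernel log with the Shorewall log prefix, which is the evidence you want when deciding whether a box has been compromised.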