Re: hacked

Author: Jeremy C. Reed
Date:  
To: Main PLUG discussion list
Subject: Re: hacked
On Wed, 12 Apr 2006, Jason Etchason wrote:

> Once I get home from work today, I want to be able to bring my system back
> up, but not before I am certain I have closed off all vulnerabilities. Then
> I'd also like to set up some form of IDS, but I do not know if that is above
> my skill level. Of course, I gotta learn some time, so I might as well now?


You may want to reinstall the operating system from scratch. Tracking down
vulnerable files can be difficult, especially if you don't have a
specification covering all the attributes and metadata about the files on
your system.

Also, in many cases, there may be kernel modules or compromised tools that
make it difficult to analyze and recover. You may want to use a LiveCD or
rescue disk to help analyze your system.

As for an IDS, you have many options to think about: real-time scanning of
network activity, proactively blocking or just alerting, and
after-the-fact detection (like log checkers and file integrity checking).

Jeremy C. Reed

echo '9,J8HD,fDGG8B@?:536FC5=8@I;C5?@H5B0D@5GBIELD54DL>@8L?:5GDEJ8LDG1' |\
sed ss,s50EBsg | tr 0-M 'p.wBt SgiIlxmLhan:o,erDsduv/cyP'
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
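
Added example, not part of the original message: a minimal sketch of the after-the-fact file integrity checking mentioned in the reply. It records a specification of file attributes (type, mode, owner, group, SHA-256 of the content) and reports every deviation from it; the function names and the sample tree are constructed for illustration.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

FIELDS = ("type", "mode", "uid", "gid", "content")

def snapshot(root):
    """Map each path under root to (type, mode, uid, gid, content id)."""
    spec = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: describe symlinks, never follow them
            content = ""
            if stat.S_ISREG(st.st_mode):
                with open(full, "rb") as f:
                    content = hashlib.sha256(f.read()).hexdigest()
            elif stat.S_ISLNK(st.st_mode):
                content = os.readlink(full)
            spec[os.path.relpath(full, root)] = (stat.S_IFMT(st.st_mode),
                stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, content)
    return spec

def compare(baseline, current):
    """Return sorted (path, finding) pairs for every deviation from baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            findings.append((path, "added" if old is None else "missing"))
        elif old != new:
            diff = [n for n, a, b in zip(FIELDS, old, new) if a != b]
            findings.append((path, "changed:" + ",".join(diff)))
    return findings

def demo():
    """Constructed sample tree: record a baseline, alter it, then compare."""
    with tempfile.TemporaryDirectory() as root:
        bindir = Path(root, "bin")
        bindir.mkdir()
        (bindir / "ls").write_bytes(b"original ls")
        (bindir / "ps").write_bytes(b"original ps")
        baseline = snapshot(root)                       # taken while trusted
        (bindir / "ls").write_bytes(b"replaced ls")     # same size, new content
        (bindir / "ps").chmod(0o4755)                   # setuid bit added
        (bindir / "extra").write_bytes(b"unexpected")   # file not in baseline
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(f"{finding:16} {path}")
```

The baseline is only useful if it was recorded before the compromise and stored off the machine. Running the comparison from a LiveCD or rescue disk, as the reply suggests, keeps a modified kernel or replaced tools from influencing the result.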