Re: Rootkit

On Monday, 22 October 2007 23:48, Dave Burns wrote:
> Exactly. So there are three contexts in which you are using the tools:
> 1) Not sure you've been hacked, just suspicious or vigilant.
> 2) Sure you've been hacked, have not yet rebooted, looking for information.
> 3) Sure you've been hacked, rebooted using a CD (e.g. knoppix) or
> other known-good /.
> In situation 1 and 2, you can't totally trust your tools, unless
> they're giving you bad news. In situation 3 your can trust the tools
> as much as you can trust the "known-good /" where they are located. So
> you're never totally sure you're in the clear.

Well, in case 2, you'd not be 100% confident; rootkits are out there and they might
have installed one on your system, so let's start to doubt :)

> I guess the truly paranoid might boot from a CD and do an audit
> periodically, I guess that might make me feel pretty confident. Hard
> to automate it (and may open up new vulnerabilities), no one wants it
> happening during ordinary working hours, and I don't want to be doing
> it by hand outside ordinary hours. Yuck.

Good point, that's totally crazy in production environments.

> >To evalue my general system security I use babel
> Is that comparable to nagios, or more security oriented?

Well, I'm one of the main developers of Babel, so don't take this as spam, but
it fits perfectly in this scenario.
It's security oriented: Babel performs a security-level check of the machine,
or hardening. The check consists of a number of auditing tests that obtain a
snapshot of the security status of each machine. The result is a security index
for the system that is given after each execution.

Just totally off-topic, I'm just curious, Dave, do you speak Spanish?
Regards!!

Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
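The "situation 3" audit discussed above (boot from a known-good medium, then inspect the suspect root without trusting anything on it) can be reduced to a small script. The following is an added example written for this page, not code posted in the thread and not part of Babel. It assumes GNU coreutils (find, sort, xargs, sha256sum, awk) on the boot medium, that the suspect filesystem is mounted read-only at some directory, and that a baseline manifest was taken earlier while the system was still trusted and kept off the machine (a signed copy on the CD or a USB key). Paths containing whitespace are not handled. The directory lists and sample files in the test are constructed.

```sh
#!/bin/sh
# Added example, not from the original thread. Offline integrity audit:
# the tools run from the known-good boot medium, the suspect root is only
# read. Paths are recorded relative to the root so that a baseline taken at
# "/" on the trusted system can be checked against "/mnt/suspect" later.

# make_baseline ROOT OUTFILE
# Hash every regular file under the directories a rootkit usually replaces
# (assumed list; extend it for your distribution). Directories that do not
# exist are skipped. `xargs -r` avoids running sha256sum on an empty list.
make_baseline() {
    root=$1; out=$2
    ( cd "$root" && find bin sbin usr/bin usr/sbin lib -type f -print 2>/dev/null \
        | LC_ALL=C sort | xargs -r sha256sum ) > "$out"
}

# audit_root ROOT BASELINE
# Compare the suspect ROOT with BASELINE. Prints one line per finding:
#   MODIFIED path   hash differs from the baseline (replaced binary)
#   MISSING  path   in the baseline, not on the suspect root
#   ADDED    path   on the suspect root, not in the baseline (dropped tool)
# Returns 0 when nothing differs, 1 when there is at least one finding.
audit_root() {
    root=$1; baseline=$2
    current=$(mktemp)
    make_baseline "$root" "$current"
    # awk reads the baseline first (NR==FNR) into base[path]=hash, then joins
    # the current manifest against it; whatever is left in base[] is missing.
    findings=$(awk '
        NR == FNR { base[$2] = $1; next }
        {
            if (!($2 in base)) { print "ADDED " $2 }
            else {
                if (base[$2] != $1) { print "MODIFIED " $2 }
                delete base[$2]
            }
        }
        END { for (p in base) print "MISSING " p }
    ' "$baseline" "$current")
    rm -f "$current"
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Typical use from the live CD (paths are assumptions):
#   make_baseline /            /media/usb/baseline.sha256   # while still trusted
#   mount -o ro /dev/sda1 /mnt/suspect                      # later, from the CD
#   audit_root /mnt/suspect    /media/usb/baseline.sha256
```

The result is only as good as the baseline and the boot medium, which is exactly Dave's point: a manifest stored on the suspect disk, or a live CD that was itself built on a compromised host, gives you nothing. Keep the baseline with the CD, and re-take it after every legitimate package update, or every upgrade will show up as MODIFIED.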

