[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040213160943.GX18584@hyper>
From: gadgeteer at elegantinnovations.org (gadgeteer@...gantinnovations.org)
Subject: Re: Removing FIred admins
On Fri, Feb 13, 2004 at 09:02:28AM +0100, Volker Tanger (volker.tanger@...ewe.de) wrote:
> If you have to assume being compromised, re-install and re-configure all
> your systems starting from scratch and clean media (boot from CD,
> partition harddisc, format HD, install base system, ...) -
I would amend that a person in such a position start with system(s) easily
isolated. Then with an established secure core grow it across the install
base. The initial core's function is monitoring and security based. Then
when one can reasonably ensure integrity going forward bring the gateway
systems into the intranet into this core. At this point control should be
re-established over the environment and rebuilding those critical business
systems makes sense.
Another message in this thread pointed out that this is more of a social
issue then a technical one. I essentially agree with this position.
Exposition of social strategy is off-topic for this mailing list.
--
Chief Gadgeteer
Elegant Innovations
Powered by blists - more mailing lists