lists.openwall.net
Open Source and information security mailing list archives
From: DaveHowe at cmn.sharp-uk.co.uk (Dave Howe)
Subject: I Got Hacked. Now What Do I Do?

Troels Bay wrote:
> Now one can't trust somewhat 50% of all Microsoft Computers.

you trusted that many before? :)

Honestly though, it isn't a total writeoff.

Your data may well have been compromised - so you need to run a validation
exercise after copying to a clean system but before even starting a
webserver (or anything that could execute binaries in your dataset) -

* Validate and sanity check database data - particularly any user/access
lists, and change passwords on any admin accounts.

* Validate and sanity check static html pages

* Recompile or upload from trusted sources any binaries - they can't be
trusted - and validate / sanity check any scripts

* Ideally, if you have a DEV system that wasn't compromised (many
organizations do) upload known-clean copies - just be sure you didn't
backport any scripts or html pages from the "live" server, nonsensical
though that might sound.

I am not going to say getting back to a 100% trustworthy system is going
to be possible in a short term, but you should be able to have 99%
confidence in your datasets and site pages within a week.  Isn't going to
be cheap (in man hours, but that translates to money in various ways)
either.

For the future, consider a bit of diversity and a decent (DMZing)
firewall; if your boxes don't *have* exposed ports other than 80, they can
only be compromised by an attack on that port, not (say) 445.

Diversity doesn't mean dumping Windows if you are wed to the platform (i.e.,
have an existing large investment in it) - but consider Apache and PHP
rather than IIS and VBScript; they run just fine on Windows, will scale
with the company (so you can upgrade to non-Windows hardware in the future
if you need to) and are more common than IIS anyhow.

A decent firewall doesn't have to be expensive - for entry level, you can
use a legacy PC with three network cards (inside, outside, DMZ) and a
floppy (no hard) drive, then boot the fw with a LEAF linux such as
Bering - from write protected floppy disks (and get VPN support and a DNS
server thrown in for free :)
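The validation exercise described in the reply above (copy the possibly-compromised site tree to a clean box, then check it against a known-clean copy such as the DEV system before anything on it is executed) can be done mechanically. The script below is an added example, not code from the post or from Dave Howe: it hashes both trees with SHA-256, reports files that were added, removed or changed on the live side, and singles out any of those that carry a script or binary extension, since those are the ones that need recompiling or re-uploading from a trusted source rather than sanity checking by eye. The two directory trees, their file contents and the list of "executable" suffixes are all constructed here for illustration; the audit only ever reads bytes and never runs anything from the dataset.

```python
"""Audit a copy of a possibly-compromised web tree against a known-clean copy.

Added example (not from the original post). Sample trees and the suffix
list below are constructed assumptions for illustration.
"""
import hashlib
import tempfile
from pathlib import Path

# Assumed list of suffixes that mean "this could execute on the web server";
# adjust to whatever the real site actually serves.
SCRIPT_SUFFIXES = {".asp", ".php", ".pl", ".cgi", ".vbs", ".exe", ".dll", ".bat", ".cmd"}


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large uploads don't exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_tree(root):
    """Map every file's path (relative, POSIX-style) under root to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in root.rglob("*")
        if p.is_file()
    }


def diff_trees(clean_root, live_root):
    """Compare a known-clean tree with the live copy.

    Returns sorted lists of added, removed and changed files, plus the subset
    of added/changed files whose suffix marks them as scripts or binaries.
    """
    clean = hash_tree(clean_root)
    live = hash_tree(live_root)
    added = sorted(set(live) - set(clean))
    removed = sorted(set(clean) - set(live))
    changed = sorted(f for f in set(clean) & set(live) if clean[f] != live[f])
    suspicious = sorted(
        f for f in added + changed if Path(f).suffix.lower() in SCRIPT_SUFFIXES
    )
    return {"added": added, "removed": removed, "changed": changed,
            "suspicious": suspicious}


def build_demo_trees(base):
    """Create a constructed clean tree and a constructed tampered live copy."""
    base = Path(base)
    clean, live = base / "clean", base / "live"
    files = {
        "index.html": b"<html><body>Welcome</body></html>\n",
        "default.asp": b'<% Response.Write("hello") %>\n',
        "robots.txt": b"User-agent: *\nDisallow: /admin/\n",
        "images/logo.gif": b"GIF89a\x00\x00",
    }
    for rel, data in files.items():
        for root in (clean, live):
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
    # Constructed tampering on the live copy only: one script altered,
    # one unknown script added, one static file deleted.
    (live / "default.asp").write_bytes(
        b'<% Response.Write("hello") %>\n<!-- constructed extra line -->\n')
    (live / "upload.asp").write_bytes(b"<% ' constructed unknown script %>\n")
    (live / "robots.txt").unlink()
    return clean, live


def demo():
    """Build the sample trees in a temp dir and return the audit result."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = build_demo_trees(tmp)
        return diff_trees(clean, live)


if __name__ == "__main__":
    report = demo()
    for kind in ("added", "removed", "changed", "suspicious"):
        print(f"{kind:10s}: {', '.join(report[kind]) or '(none)'}")
```

Run it against the real trees with `diff_trees("/path/to/dev-copy", "/path/to/live-copy")`; anything in `suspicious` gets replaced from source, anything else in `added` or `changed` gets read by a human before the web server is started.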

