Chapter 1: Critical First Steps

Previous page
Table of content
Next page

Overview

It takes time to develop and deploy a comprehensive hardening plan. Meanwhile systems may already be compromised or may not be operating properly. They may be leaking information, be busy infecting other systems on your network, or even be part of coordinated attacks on other machines. Regardless of their security status, systems that are unstable due to hardware or power issues may be further weakened by your hardening efforts. Adding security controls to systems you no longer control, or toppling already subperforming servers, serves no purpose. Before you harden a current production system, you must determine if it s still your system to harden. You must make sure it is operating correctly. After you harden systems, you must have a way to determine if the steps you ve taken are keeping the system secure.

Stop and do this now. Test the system to determine its status. If you find evidence of an unauthorized intrusion, presence of malware of the presence of a root kit, or of evidence of attack, use approved methods to reclaim the system. Cleaning and reclaiming may entail obtaining and running special software, following instructions for removing files and reconfiguring settings, or wiping the hard drive and reinstalling. Next, ensure that the system is operating properly. This chapter provides the steps that will teach you how.

Heads Up  

Before you attempt to recover a system that has been compromised, sit down and count the costs and the final results. You should consider which is more cost effective, to reinstall or to recover. Past experience suggests that the real cost of recovery is often more than double the initial estimate. The cost of reinstallation is often premised on a worst-case scenario. In other words, there is a tendency to underestimate the costs of system recovery and to overestimate the costs of reinstallation. In addition, it is wise to consider the possibility that a compromised machine may have hidden backdoors installed. When evidence of one successful attack is discovered , you must consider if it's possible that cleaning the system of some recognizable Trojan horse or other results may still leave hidden modifications or software that will allow an attacker to manage the system. There are no hard and fast rules that can be used to make the decision of recovery versus reinstall. You will have to weigh the cost and the risk.



Previous page
Table of content
Next page
Hardening Linux
Hardening Linux
ISBN: 0072254971
EAN: 2147483647
Year: 2004
Pages: 113
Authors: John Terpstra, Paul Love, Ronald P. Reck, Tim Scanlon
BUY ON AMAZON
MySQL Stored Procedure Programming
Identifying and Managing Project Risk: Essential Tools for Failure-Proofing Your Project
A Practitioners Guide to Software Test Design
The Java Tutorial: A Short Course on the Basics, 4th Edition
Mapping Hacks: Tips & Tools for Electronic Cartography
Microsoft VBScript Professional Projects
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy