IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / If you don't already have an intrusion detection system...
Post #16,621
by ben_tilly
11/5/01 1:15:22 PM
Reply
New If you don't already have an intrusion detection system...
Install one.

Depending on how likely you think that it is that he would try to do something, take some of the most obvious user names and passwords he might use, and leave it enabled in a chroot jail, and be sure to log it for any activity. In the same spirit, turn on any process accounting options that seem like a fit, and track them for suspicious activity.

If he does try something, that will at least give you a good chance to catch him early, before he has done nearly the damage he could do...

Cheers,
Ben
Post #16,625
by tseliot
Picture of tseliot
11/5/01 1:42:45 PM
Reply
New Yes, yes, yes.
IDS is the way to go, in a mixed environment, especially so (hey, that rhymes! :)

And take this opportunity to document everything you do to "lock down" the system(s).
---------------------------------
A stupid despot may constrain his slaves with iron chains; but a true politician binds them even more strongly by the chain of their own ideas;...despair and time eat away the bonds of iron and steel, but they are powerless against the habitual union of ideas, they can only tighten it still more; and on the soft fibres of the brain is founded the unshakable base of the soundest of Empires."

Jacques Servan, 1767
     Help! Please - (broomberg) - (7) - Nov. 5, 2001, 12:04:33 AM EST
         Presuming it's not you... - (static) - (1) - Nov. 5, 2001, 01:36:44 AM EST
             Another that might be too obvious.. - (Steve Lowe) - Nov. 5, 2001, 02:06:02 AM EST
         Make sure... - (bepatient) - Nov. 5, 2001, 02:07:23 AM EST
         another list off the top of my head - (boxley) - Nov. 5, 2001, 09:58:26 AM EST
         If you don't already have an intrusion detection system... - (ben_tilly) - (1) - Nov. 5, 2001, 01:15:22 PM EST
             Yes, yes, yes. - (tseliot) - Nov. 5, 2001, 01:42:45 PM EST
         Keep a backup of the past week - (orion) - Nov. 6, 2001, 04:46:53 PM EST

It's Microsoft clearly boiling the frogs...
31 ms