Date: Mon, 14 Jan 2008 12:00:39 -0800
From: Klaus Steden <klaus.steden@thomson.net>
To: Dan Lukes <dan@obluda.cz>, freebsd security <freebsd-security@freebsd.org>
Subject: Re: Anti-Rootkit app
Message-ID: <C3B0FF67.4128%klaus.steden@thomson.net>
In-Reply-To: <478BB3DA.5070302@obluda.cz>

Hi Dan,

Good security is usually a comprehensive strategy, rather than hoping for a
one-size-fits-all-magic-bullet solution. Combine a coherent packet filter
with strong passwords, a competent IDS, BSD securelevels, and a file system
integrity checker, and you've got a pretty solid strategy for dealing with
most of the bad things that show up on the Internet. This, of course, is all
wasted if you leave your system unprotected physically, but I digress ...

A common strategy with anti-rootkit software is to keep a copy of your
signatures elsewhere -- either on removable media, or a remote system; you
can use secure hashes to verify the integrity of the local signatures
against your known good copy to ensure that the list hasn't been tampered
with, and then verify the important parts of your OS against said list.

A lot of computer intruders are dumb, and more important, lazy. Truly
motivated and gifted crackers are a rarity, and if you get attacked by one
of them, it can be difficult to deal with. However, good preventative
security measures will keep the small fry and script kiddies at bay.

Just my two cents.

Klaus

On 1/14/08 11:11 AM, "Dan Lukes" <dan@obluda.cz> did etch on stone tablets:

>>> I need to install an anti-rootkit
>
> If I understand correctly, an intruder needs to be superuser to be able
> to install a rootkit.
>
> If our intruders have superuser privileges, they can tamper with any
> anti-rootkit.
>
> Is the main reason to install anti-rootkit we count the intruders are
> so dumb to look for one of port's anti-rootkit package before they do
> their dirty work ?
>
> Or I miss something important ?
>
> Dan
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
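
The two-step check described in the message above (first verify the local signature list against a known-good copy, then verify files against that list), as an added example that is not part of the original e-mail. The manifest format (`<sha256>  <path>` per line) and all function names are assumptions made for this sketch, and the sample files are constructed stand-ins.

```python
import hashlib, hmac, os, tempfile
class ManifestTampered(Exception):
    """Local signature list differs from the known-good copy's digest."""

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(manifest_path, trusted_digest):
    # Step 1: the local list must hash to the digest kept off-host.
    if not hmac.compare_digest(sha256_file(manifest_path), trusted_digest):
        raise ManifestTampered(manifest_path)
    # Step 2: only now trust the list and check each file against it.
    report = {}
    with open(manifest_path) as f:
        for line in filter(str.strip, f):
            expected, path = line.rstrip("\n").split("  ", 1)
            if not os.path.isfile(path):
                report[path] = "missing"
            elif hmac.compare_digest(sha256_file(path), expected):
                report[path] = "ok"
            else:
                report[path] = "modified"
    return report

def write_manifest(manifest_path, paths):
    with open(manifest_path, "w") as f:
        f.writelines(f"{sha256_file(p)}  {p}\n" for p in paths)

def demo():
    # Constructed sample data: stand-ins for two system binaries.
    with tempfile.TemporaryDirectory() as d:
        ls, ps, manifest = (os.path.join(d, n) for n in ("ls", "ps", "manifest"))
        for p, body in ((ls, b"ls v1"), (ps, b"ps v1")):
            with open(p, "wb") as f:
                f.write(body)
        write_manifest(manifest, [ls, ps])
        trusted = sha256_file(manifest)   # in practice: read from removable media
        with open(ps, "wb") as f:
            f.write(b"ps replaced")       # a binary changes after the baseline
        report = verify(manifest, trusted)
        write_manifest(manifest, [ls, ps])  # local list regenerated to match
        try:
            verify(manifest, trusted)
        except ManifestTampered:
            return report, True
        return report, False
```

`demo()` returns the per-file report from the first run and whether the regenerated local list was rejected on the second run.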