Date: Tue, 15 Jun 2004 15:29:42 +0100
From: Paul Robinson <paul@iconoplex.co.uk>
To: Greg Pavelcak <g.pavelcak@comcast.net>, freebsd-chat@freebsd.org
Subject: Re: Responding to Breakin Attempts
Message-ID: <20040615142942.GD4684@iconoplex.co.uk>
In-Reply-To: <20040614192542.GA907@bsd.home.net>
References: <20040614192542.GA907@bsd.home.net>
On Mon, Jun 14, 2004 at 03:25:42PM -0400, Greg Pavelcak wrote:
> The subject almost covers the question. Our system logs breakin
> attempts. Sometimes we get a flurry of attempts, perhaps just some
> sort of script that sends logins and passwords around, and I'd like to
> be able to respond in self-defense in some sort of productive way.

But in general, you need to write up a security policy based on best industry practice and implement it. What policies do you already have in place?

VMS boxes tend to be the worst - people assume it's the most secure OS in the world and don't put the basics in place. I used to be tech director of a firm that shortly after I left announced exploits in the TCP stack we fixed in Unixland something close to 10 years ago. They only released a couple, but I know the guy who was working on it reckoned he had a few dozen lined up to release. He might still do so.

> How can I respond to such attempts to access the system here?

You have several choices:

1. Log all data securely and attempt to lock down the system, perhaps collecting evidence with a view to a prosecution if you feel it necessary.

2. Bring in external security services to help you lock down and collect evidence.

If you're seeing attempted breakins, chances are you haven't been broken into yet. Consider what connections that box has to the outside world, and ask whether it needs them. Why are ports available to that user to be able to even attempt logins? Where is the firewall? Why aren't you filtering traffic? Etc...

> Any good beginner security reading out there?

Well, where to start.... I'll assume you want to get to grips with the concepts rather than a list of commands to type in to tighten things down, especially as you're asking us.

NIST publishes this: http://csrc.nist.gov/publications/nistpubs/800-12/

O'Reilly publishes this: http://www.oreilly.com/catalog/csb/

This is considered the bible for unix guys: http://www.oreilly.com/catalog/puis3/

There are thousands of books out there on IT security. If you feel there is a real threat, you may need to bring in help due to time constraints and the fact that you just don't have the time or experience to counter a current threat. In which case there are plenty of security consultancies out there. If you want a guy who specialises in VMS boxes I can find one for you, but it won't be cheap. $1500/day is considered cheap.

-- 
Paul Robinson
http://www.iconoplex.co.uk/
"I'm not conceited. It's just that I have a fondness for the good things in life, and I happen to be one of them." - Kenneth Williams
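As an added example that is not part of the thread: the "flurry of attempts" the original poster describes can be picked out of a failed-login log by counting failures per source address inside a sliding time window, which gives a concrete record to keep as evidence and a list of sources worth filtering at the firewall. The syslog-style line format, the log lines themselves, and the threshold are my own assumptions (a VMS box logs in its own format, so the regular expression would need adapting).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like format (assumption: not the
# format of the thread's VMS system). A burst from one source cycling
# through usernames, plus two isolated failures from a legitimate user.
SAMPLE_LOG = """\
Jun 14 15:20:01 host login[811]: FAILED LOGIN for root from 203.0.113.7
Jun 14 15:20:02 host login[812]: FAILED LOGIN for admin from 203.0.113.7
Jun 14 15:20:03 host login[813]: FAILED LOGIN for guest from 203.0.113.7
Jun 14 15:20:04 host login[814]: FAILED LOGIN for test from 203.0.113.7
Jun 14 15:20:05 host login[815]: FAILED LOGIN for oracle from 203.0.113.7
Jun 14 15:31:40 host login[901]: FAILED LOGIN for greg from 198.51.100.22
Jun 14 15:45:10 host login[950]: FAILED LOGIN for greg from 198.51.100.22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ login\[\d+\]: "
    r"FAILED LOGIN for (?P<user>\S+) from (?P<src>\S+)$"
)

def parse_failures(text, year=2004):
    """Return (timestamp, user, source) for every failed-login line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line; ignore it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["src"]))
    return events

def find_flurries(events, threshold=5, window=timedelta(minutes=1)):
    """Map each source with >= threshold failures inside one window to
    (peak count in a window, distinct usernames tried in that window)."""
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        start, best = 0, None
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            n = end - start + 1
            if n >= threshold and (best is None or n > best[0]):
                best = (n, len({u for _, u in hits[start:end + 1]}))
        if best:
            flagged[src] = best
    return flagged
```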
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040615142942.GD4684>
