[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] hacked again!

Subject: Re: [cobalt-security] hacked again!
From: Bill Irwin <bill_irwin@xxxxxxxx>
Date: Mon, 07 May 2001 13:10:02 -0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Kai,

When you do the OS Restore. Be sure that the server is NOT connected to
the Internet untill ALL the patches have been applied. We have seen
cases where the server was hacked within minutes of being back online
and BEFORE the patches were applied. If you have on infected machine on
a network of several, this is all it would take to re-infect the
machine. 

You should adopt the philosophy of the Boy Scouts: Be prepared! Have
good backup procedures and have all your clients backup their work
before uploading to your site. This way they will have original copies
of their work. We would like to believe we can be impervious or
invincible to these kinds of attacks, be we know it will never happen.
Hackers are persistent and will always find a way to exploit services to
gain access to a server. You should turn off all services your users
don't need. You should also adopt strict security measures on the server
by only allowing SSH connections, etc. Things like this can minimize
your risks.

-- 
Bill Irwin
Technical Support Engineer
Sun Microsystems, Inc.

References:
- [cobalt-security] hacked again!
  - From: Kai Schantz, Euroweb

Prev by Date: Re: [cobalt-security] named "denied update" error
Next by Date: [cobalt-security] Update my Raq3 ? or not ?
Previous by thread: [cobalt-security] Samba /tmp security hole
Next by thread: [cobalt-security] Update my Raq3 ? or not ?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index