Re: Anti-Rootkit app
Hi Dan,

Good security is usually a comprehensive strategy, rather than hoping for a
one-size-fits-all-magic-bullet solution.

Combine a coherent packet filter with strong passwords, a competent IDS, BSD
securelevels, and a file system integrity checker, and you've got a pretty
solid strategy for dealing with most of the bad things that show up on the
Internet.

This, of course, is all wasted if you leave your system unprotected
physically, but I digress ...

A common strategy with anti-rootkit software is to keep a copy of your
signatures elsewhere -- either on removable media, or a remote system; you
can use secure hashes to verify the integrity of the local signatures
against your known good copy to ensure that the list hasn't been tampered
with, and then verify the important parts of your OS against said list.

A lot of computer intruders are dumb, and more important, lazy. Truly
motivated and gifted crackers are a rarity, and if you get attacked by one
of them, it can be difficult to deal with. However, good preventative
security measures will keep the small fry and script kiddies at bay.

Just my two cents.

Klaus

On 1/14/08 11:11 AM, "Dan Lukes" <dan@obluda.cz> did etch on stone tablets:
>>> I need to install an anti-rootkit
>
> If I understand correctly, an intruder needs to be superuser to be able
> to install a rootkit.
>
> If our intruders have superuser privileges, they can tamper with any
> anti-rootkit.
>
> Is the main reason to install an anti-rootkit that we count on the
> intruders being too dumb to look for one of the ports' anti-rootkit
> packages before they do their dirty work?
>
> Or am I missing something important?
>
> Dan
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
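
Added example, not part of the original message or thread: a sketch of the two-step check Klaus describes, where the local signature list is first compared against a digest held off-host and only then used to verify files. The manifest format ("<sha256>  <path>" per line), the function names and the sample tree are assumptions made for illustration.

```python
import hashlib, hmac, os, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(manifest_path, trusted_manifest_digest, root="/"):
    """Return a list of (status, path) findings; an empty list means clean."""
    # Step 1: the local signature list must match the known good copy's digest.
    if not hmac.compare_digest(sha256_file(manifest_path), trusted_manifest_digest):
        return [("MANIFEST_TAMPERED", manifest_path)]
    # Step 2: only now trust the list and check each file against it.
    findings = []
    with open(manifest_path) as f:
        for line in filter(str.strip, f):          # skip blank lines
            expected, rel = line.strip().split(None, 1)
            path = os.path.join(root, rel.lstrip("/"))
            if not os.path.isfile(path):
                findings.append(("MISSING", rel))
            elif not hmac.compare_digest(sha256_file(path), expected.lower()):
                findings.append(("MODIFIED", rel))
    return findings

def demo():
    """Constructed sample tree: record it, change a binary, then edit the list."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for name, data in (("bin/ls", b"ls-v1"), ("bin/ps", b"ps-v1")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = os.path.join(root, "manifest.txt")
        with open(manifest, "w") as f:
            for name in ("bin/ls", "bin/ps"):
                f.write(f"{sha256_file(os.path.join(root, name))}  {name}\n")
        trusted = sha256_file(manifest)  # assumed stored on removable media
        clean = verify(manifest, trusted, root)
        with open(os.path.join(root, "bin/ps"), "wb") as f:
            f.write(b"ps-changed")       # simulate a replaced system binary
        modified = verify(manifest, trusted, root)
        with open(manifest, "a") as f:   # simulate an edit to the local list
            f.write("0" * 64 + "  bin/extra\n")
        tampered = verify(manifest, trusted, root)
        return clean, modified, tampered

if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the digest passed in and the tools doing the hashing, which is why the known good copy is kept off the machine being checked.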