Author: Benjamin D. Thomas
It’s now the holiday season and people all around the world are preparing to take time off to spend with their families. In between office parties and visions of LEDs from switches and routers dancing in your head, it is important to think about the possibility of something going wrong. I’m not talking about someone leaving the turkey in the oven too long allowing it to dry out, but one of your servers getting compromised.
You’ve just been attacked! Can it get worse? Of course, because the decision makers in the office have the most seniority, they’re all off. You are stuck trying to sort out what happened, and how to get the critical server up as soon as possible. Your first instinct is to start contacting all of the individuals who are ultimately responsible.
Because it is the holidays, it is suddenly impossible to get in contact with anyone. People have either turned their phones off, or are taking a vacation someplace sunny. Because you know that the compromised server is critical to operations, you must get it patched and back online as soon as possible. What about preserving forensic evidence? What if the attacker planted a back door? This obviously puts you in a very sticky situation. You know that management would want the server to be back online, but because nothing like this has ever happened, you’re unsure how to appropriately respond.
The situation above could have been less stressful if the organization had an incident response and/or contingency plan in place. I realize that many of you are from smaller companies and a 50-page plan is simply not feasible. However, there are several lessons that can be learned. Know where people will be over the holidays! Often, people will not be staying home and will not be reachable at their regular numbers. It is important to get the contact information from key individuals to ensure that in the event of an emergency, decisions are still made at the appropriate level. No one wants to be bothered during their time off, but more importantly no manager would want bad decisions being made on their behalf when they are away.
Collecting important phone numbers, putting them in a single email, and circulating them around the office can make a world of difference. It isn’t always important to have fancy policies and plans, often a majority of problems can be minimized by setting up clear communication channels between employees. Proper communication will minimize the impact of any incident.
I want to wish everyone a warm and safe holiday season.
Until next time, cheers!
Benjamin D. Thomas
LinuxSecurity
Feature Extras:
- FEATURE: OSVDB – An Independent and Open Source Vulnerability Database – This article outlines the origins, purpose, and future of the Open Source Vulnerability Database project. Also, we talk with Tyler Owen, a major contributor.
- FEATURE: Guardian Digital Launches the First Secure Small Business Internet Productivity Solution – Guardian Digital, the world’s premier open source Internet security company, announced the availability of Internet Productivity Suite, a comprehensive productivity and security management system. Focused on the increasing requirements of small and medium organizations, this cohesive and highly-secure suite of applications combines to protect users from Internet threats while providing the features necessary to operate a complete Internet presence.
- FEATURE: OpenVPN: An Introduction and Interview with Founder, James Yonan – In this article, Duane Dunston gives a brief introduction to OpenVPN and interviews its founder James Yonan.
Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.
| Distribution | Date | Package | Vulnerability | Description |
|---|---|---|---|---|
| Fedora | 12/15/2003 | lftp | Buffer overflow vulnerability | An attacker could create a carefully crafted directory on a website such |
| Gentoo | 12/12/2003 | app-crypt/gnupg | Multiple vulnerabilities; buffer overflow vulnerability | Two flaws have been found in GnuPG 1.2.3 including a format string vulnerability |
| Gentoo | 12/15/2003 | xchat | Denial of service vulnerability | There is a remotely exploitable bug in xchat 2.0.6 that could lead to a |
| Gentoo | 12/18/2003 | lftp | Multiple buffer overflow vulnerabilities | Two buffer overflow problems have been found in lftp, a multithreaded command-line |
| Immunix | 12/15/2003 | lftp | Buffer overflow vulnerability | Ulf Härnhammar has discovered remotely triggerable buffer overflows in lftp; |
| Immunix | 12/16/2003 | lftp | Multiple vulnerabilities | Advisory updated Tue Dec 16 2003; an employee at Red Hat found another bug |
| Mandrake | 12/12/2003 | net-snmp | Improper access vulnerability; multiple vulnerabilities | A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an existing |
| Mandrake | 12/15/2003 | lftp | Buffer overflow vulnerability | A buffer overflow vulnerability was discovered by Ulf Härnhammar in the |
| Mandrake | 12/18/2003 | irssi | Remote crash vulnerability | A vulnerability in versions of irssi prior to 0.8.9 would allow a remote |
| NetBSD | 12/17/2003 | BIND | Negative cache poisoning | Several versions of the BIND 8 name server are vulnerable to cache poisoning |
| Red Hat | 12/16/2003 | lftp | Buffer overflow vulnerability | An attacker could create a carefully crafted directory on a website such |
| Red Hat | 12/16/2003 | apache | Multiple (minor) vulnerabilities | Updated httpd packages that fix two minor security issues in the Apache |
| Slackware | 12/12/2003 | lftp | Code parsing vulnerability | According to the NEWS file, this includes “security fixes in html parsing |
| Suse | 12/15/2003 | lftp | Buffer overflow vulnerability | When using lftp via HTTP or HTTPS to execute commands like ‘ls’ or ‘rels’ |
| Turbolinux | 12/17/2003 | GnuPG | Key compromise vulnerability | Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal |
Category:
- Security