The UK Home Automation Archive

RE: Re: [OT] - HELP PLEASE we've been hacked.


  • Subject: RE: Re: [OT] - HELP PLEASE we've been hacked.
  • From: "Sullivan, Glenn" <gsullivan@xxxxxxxxxxxxxx>
  • Date: Wed, 14 Apr 2004 15:33:43 -0400

If that is the case, then why not put it outside the firewall, disconnected
from the internal network entirely?

Use IP Filtering to only allow port 80 to talk, and harden it as best you
can.  Back it up (completely).

Practice restoring it a couple times from bare-bones.

Then just put it out there as a sacrificial lamb (albeit one with a little
bit of body armor on).

When a vuln comes out, and the machine gets compromised, unplug it, restore
it, fix the vuln, take a new backup, and be on your way.

Unless this does more than just your demo... but if not, the worst case is
that your demo is borked for a day or so while you
restore/patch/test/backup.

But if the machine is inside the firewall, and it is compromised, you are
in much hotter water, as then someone could use it as a launching point to
attack other machines in your network.

Just my $.02,

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.
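
[Added example, not part of Glenn's message: one way to check the "only port 80" hardening on the box itself is to audit its `netstat -an` listing for listeners outside that policy. The sample output, the addresses and the function names are constructed for illustration; a listener reported here still needs to be either disabled or confirmed blocked by the IP filter.]

```python
import ipaddress

# Policy from the message above: only TCP port 80 should be reachable.
ALLOWED = {("TCP", 80)}

# Constructed sample of Windows `netstat -an` output (addresses are
# documentation ranges, not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51234     ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:123          *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    # An address that cannot be parsed raises ValueError instead of
    # being silently treated as safe.
    return ipaddress.ip_address(addr.strip("[]")), int(port)

def exposed_listeners(netstat_text, allowed=ALLOWED):
    """Return sorted (port, proto, address) listeners outside the policy."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            proto = "TCP"
        elif len(fields) == 3 and fields[0] == "UDP":
            proto = "UDP"  # UDP has no state column; a bound socket is open
        else:
            continue  # headers, established connections, blank lines
        addr, port = split_endpoint(fields[1])
        if addr.is_loopback or (proto, port) in allowed:
            continue  # loopback-only sockets are not reachable remotely
        findings.add((port, proto, str(addr)))
    return sorted(findings)

if __name__ == "__main__":
    for port, proto, addr in exposed_listeners(SAMPLE):
        print(f"not in policy: {proto} {addr}:{port}")
```
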

-----Original Message-----
From: Dean Barrett [mailto:dean@xxxxxxx]
Sent: Wednesday, April 14, 2004 3:26 PM
To: ukha_d@xxxxxxx
Subject: RE: [ukha_d] Re: [OT] - HELP PLEASE we've been hacked.


Ian - you are correct, it's not a home system, it is the PC we use for
Geovision and Cbus demos on the rolec.net website.

I suppose my problem is that everything I've ever done web wise before has
always been on hosted sites where it is someone else's problem to worry
about intrusions. This server is the first I have ever opened to the public,
and must admit I now wonder to its virtue...

Visitors to our site had been very complimentary of the demos we had
running, and has been a useful sales tool, but I now wonder if it's worth
it. I fear the cost of proper support may outweigh the possible revenues
generated...

Bit of a sh*t all in all.



Dean.


-----Original Message-----
From: Ian Lowe [mailto:ian@xxxxxxx]
Sent: 14 April 2004 19:28
To: ukha_d@xxxxxxx
Subject: RE: [ukha_d] Re: [OT] - HELP PLEASE we've been hacked.

Hmmm, actually, it might be me with the wrong end of the stick.. I thought
this was the rolec.net company webserver, rather than just Dean's home
system...

In which case, as you say, it's overkill - I'm not suggesting home users
rush out and employ a Firewall-1 expert ;)

Ian

-----Original Message-----
From: Ali Watkins [mailto:ukha@xxxxxxx]
Sent: 14 April 2004 19:11
To: ukha_d@xxxxxxx
Subject: FW: [ukha_d] Re: [OT] - HELP PLEASE we've been hacked.

Ian,

Sorry.. maybe I misunderstood?  I understand that proper services should
come at a proper price, I am a great believer in the old "you get what
you pay for" adage. But when it comes to securing a Windows box on the end
of a private DSL line hosting pages just for yourself I think a DIY job does
fine.... unless there is something mission critical on the box... which
there shouldn't be!

Maybe I misunderstood the original idea?



Ali




> -----Original Message-----
> From: Ian Lowe [mailto:ian@xxxxxxx]
> Sent: 14 April 2004 17:10
> To: ukha_d@xxxxxxx
> Subject: RE: [ukha_d] Re: [OT] - HELP PLEASE we've been hacked.
>
> >-----Original Message-----
> >From: Alistair Watkins [mailto:ukha@xxxxxxx]
>
> >I don't think you *have* to spend cash to make yourself more secure,
> >there are plenty of *free* (as in speech, not lunch) tools about that
> >will run on Windows and help you... there is also plenty to read
> >online too.
>
> I disagree...
>
> IT Done cheap is IT Done bad. always, and never more so than with
> security.
>
> There's a distinct difference between paying way over the odds for a
> consultant to sit there and oooh and aaaah whilst the meter runs, and
> employing a company with a good background in security to have a check
> over your systems. Seriously - it's money well spent.
>
> It's a malady of British Industry, I fear - people don't want to spend
> the money, and IT systems seem to be okay until the problems are
> forcibly brought home - whether it's a security breach, data loss
> through having no reliable backups, whatever.
>
> I'd take this as a narrow escape - you (seem to have) got away with only
> having the web server compromised, do the right thing, get someone local
> that you can get references for, with the appropriate certifications
> from people like checkpoint, and get your systems checked out.
>
> Advice from a list like this simply cannot compare to building a
> relationship with an IT supplier you can trust and getting some expert
> backup.
>
> Ian.
>
>
>
> UK Home Automation Meet 2004 - BOOK NOW!
> http://www.ukha2004.com
>
> http://www.automatedhome.co.uk
>
> Member Offers - http://www.freeranger.co.uk/ukha