[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

Wed Jun 3 07:04:25 UTC 2009
John R. Dennison <jrd at gerdesas.com>

On Wed, Jun 03, 2009 at 01:57:20AM -0400, JohnS wrote:
>
> Dollars to Donuts ehhh???
> How many donuts you think it will take to pay for legal costs and clean
> up if there are customer data on the machine? I think right about now I

	4 chocolate eclairs should cover it :)

	But seriously...

> would:
> 1. Notify Risk Management and Your Compliancy Officer.
> 2. Take it off the network connections.
> 3. Do a live rsync and dd image + ram copy = running processes/hidden.
> 4. Same as 3. but with the machine off.
> 5. The company attorney needs to be notified.
> 6. By State and Federal Law in the US you have so many days to report
> incidents like this to users (customers) and law enforcement.

	While the specifics vary from company to company depending on
	your corporate escalation procedures, the above points are very
	valid and would of course need to be properly followed as
	required by your corporate entity.

	My comment regarding donuts was intended to be flippant and add
	a light side to the conversation; I assumed from the start that
	the original poster would follow his corporation's established
	policy on notification and escalation as required.





						John

-- 
"I'm sorry but our engineers do not have phones."
As stated by a Network Solutions Customer Service representative when asked to
be put through to an engineer.

"My other computer is your windows box."
                                     Ralf Hildebrandt
<sxem> trying to play sturgeon while it's under attack is apparently not fun.