Intrusion and Recovery

A book chapter excerpt from the upcoming book, Protecting Your Windows Network, is now available online. The book is being written by Jesper Johansson and Steve Riley and will be available from Addison Wesley in 2005. 

The excerpt covers "paths hackers can use to infiltrate networks, what patching and version states reveal, IIS and SQL injection attacks, and the dangers of elevated privileges." In closing the chapter, the writers state that once an intruder has infiltrated your system, the following assumptions should be made:

  • You cannot clean a compromised system by patching it; patching only removes the vulnerability.

  • You cannot clean a compromised system by removing the backdoors.

  • You cannot clean a compromised system by using some "vulnerability remover."

  • You cannot clean a compromised system by using a virus scanner.

  • You cannot clean a compromised system by reinstalling the operating system over the existing installation.

  • You cannot trust any data copied from a compromised system.

  • You cannot trust the event logs on a compromised system.

  • You may not be able to trust your latest backup.

  • The only proper way to clean a compromised system is to flatten and rebuild it.

Do you agree that the above premises are valid? If not then post your opinion as comments to this article.
